Virus writers have created a spyware package that poses as an extension to the Firefox web browser.

FormSpy, which poses as the legitimate NumberedLinks 0.9 extension, is programmed to steal confidential information from compromised machines including passwords, credit card numbers, and ebanking login details. The malware is also capable of sniffing passwords from ICQ, FTP, and email traffic before sending this data to a hacker-controlled website.

FormSpy is normally downloaded onto compromised machines already infected with another Trojan program, called Downloader-AXM. It can also spread as a drive-by download from compromised websites.

Downloader-AXM began spreading via virus infected spam messages (example here) earlier this week. Fortunately, the attack is not yet widespread, according to net security firm McAfee, which has published a detailed write-up of the threat here. ®

Related stories

• Firefox plug-in Trojan harvests logins (4 December 2008)
• 'Firefox flaw wrecked my relationship' (23 March 2006)
• Firefox 2.0 alpha debuts online (22 March 2006)
• Firefox and Mac security sanctuaries 'under attack' (19 September 2005)
• Firefox spoof bug returns from the dead (7 June 2005)
• Analysis Drive-by Trojans exploit browser flaws (23 March 2005)
• Alternative browser spyware infects IE (11 March 2005)
• Firefox.de in adware rumpus (23 November 2004)