Virus writers have latched onto the popularity of Firefox with a new variant on the established practice of stealing online banking passwords.

A password pinching Trojan that poses as a Firefox Plugin is doing the rounds, Romanian security firm BitDefender warns. ChromeInject-A is typically downloaded onto Windows PCs already compromised by other strains of malware.

Harvested login credentials are captured and subsequently posted to a server located in Russia.

More details on the bank sites targeted, along with the general behaviour of the Trojan, can be found in a write-up by BitDefender here.

BitDefender reports that incidents of the malware are "very low", so the attack is more notable for its novelty than its potency. Malware that capitalises on the popularity of Firefox is rare, but not unprecedented.

Two years ago a spyware package that masqueraded as an extension to the Firefox web browser was spotted on the net. Like ChromeInject-A, FormSpy failed to do much harm. ®

Related stories

• Firefox blocks and backtracks on 'insecure' MS add-ons (19 October 2009)
• Spyware ad-on targets Firefox fans (1 September 2009)
• Firefox users flip out over sneak MS add-on (1 June 2009)
• Firefox update tackles critical memory bugs (5 March 2009)
• Latest Firefox beta gets touchy on Mac (11 December 2008)
• Drive-by download attack mows down thousands of websites (10 November 2008)
• Security researchers lift the lid on Torpig banking Trojan (31 October 2008)
• New Trojan preys on commercial banking customers (17 December 2007)
• Russian phishers loot $500K in two-year hacking spree (2 August 2007)
• Trojan download site spoofs IE7 release outlet (18 October 2006)
• Spyware poses as Firefox extension (26 July 2006)
• Firefox and Mac security sanctuaries 'under attack' (19 September 2005)
• Analysis Drive-by Trojans exploit browser flaws (23 March 2005)