Firefox plug-in Trojan harvests logins
Print storySpy on the wire
Posted in Spyware, 4th December 2008 10:35 GMT
Free whitepaper – The starter PKI program
Virus writers have latched onto the popularity of Firefox with a new variant on the established practice of stealing online banking passwords.
A password pinching Trojan that poses as a Firefox Plugin is doing the rounds, Romanian security firm BitDefender warns. ChromeInject-A is typically downloaded onto Windows PCs already compromised by other strains of malware.
Once installed, the Trojan sits in Firefox's Plugin folder, activating every time the popular browser is started. The backdoor code looks for data exchanged between a compromised machine and a list of pre-programmed banking sites in Europe, Australia and the US.
Harvested login credentials are captured and subsequently posted to a server located in Russia.
More details on the bank sites targeted, along with the general behaviour of the Trojan, can be found in a write-up by BitDefender here.
BitDefender reports that incidents of the malware are "very low", so the attack is more notable for its novelty than its potency. Malware that capitalises on the popularity of Firefox is rare, but not unprecedented.
Two years ago a spyware package that masqueraded as an extension to the Firefox web browser was spotted on the net. Like ChromeInject-A, FormSpy failed to do much harm. ®
Free whitepaper – Securing your online data transfer with SSL
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive