A new type of malware is disguising itself as a Firefox plugin in order to steal passwords on a users computer. Over at BitDefender they have isolated the bug known as Trojan.PWS.ChromeInject.A.
BitDefender also states that:
According to BitDefender researchers, the Trojan filters data sent by the victim to a large number of designated banking websites which are used everyday in the UK for online shopping and financial transactions.
Harvested login credentials will be sent to a web address similar to [removed]eex.ru. Both the domain and the hosting server are located in Russia, which points to the origins of this latest e-threat.
“In order to stay safe, home computer users are advised to install effective Internet Security protection and make sure they are updated regularly, to ward off these attempts,” says Viorel Canja, head of BitDefender anti-virus lab.
If you are using Firefox a scan of your system is recommended along with making sure your A/V program is up to date.
Comments welcome.
Any chance we can be let in on which plug-in this trojan comes as? Or is this just another scare tactic designed to sell AV software?
Hello James,
It does not specifically attach to any Firefox plug-in, but actually disguises itself as a Firefox plug-in and hides itself in the Firefox plug-in folder.
[...] Malware Hides As A Firefox Plugin [...]