Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 6th, 2008

Login And Password Stealing Trojan Masquerades As Firefox Plug-in

A password-stealing Trojan that poses as a Firefox plug-in is doing the rounds, according to Romanian security firm BitDefender. ChromeInject-A is typically downloaded onto Windows PCs already compromised by other malware.

It drops an executable file (which is a Firefox 3 add-on) and a JavaScript file (detected by BitDefender as Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively. It filters the URLs opened in the Mozilla Firefox browser, and whenever it encounters one of the specific addresses it is looking for, it captures the login credentials. It is the first malware that targets Firefox. The filtering is done by a JavaScript file running in Firefox’s chrome environment.

The backdoor code looks for data exchanged between a compromised machine and a list of pre-programmed banking sites in Europe, Australia and the US. Harvested login credentials are captured and subsequently posted to a server located in Russia.

BitDefender reports that incidents of the malware are “very low”, so the attack is more notable for its novelty than its potency. Malware that capitalises on the popularity of Firefox is rare, but not unprecedented.
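Because the Trojan works by adding files to the Firefox plugins and chrome folders, a defender can catch this kind of drop by comparing those two folders against a known-good inventory. The following is an added example, not code from BitDefender or from the original article; the baseline approach, the function names and all sample file names are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Folders the article names as drop locations, relative to the Firefox install dir.
WATCHED = ("plugins", "chrome")

def snapshot(install_dir):
    """Map 'folder/relative/path' -> SHA-256 for every file under the watched folders."""
    root = Path(install_dir)
    result = {}
    for folder in WATCHED:
        base = root / folder
        if not base.is_dir():
            continue
        for path in sorted(base.rglob("*")):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result

def diff_against_baseline(baseline, current):
    """Return files added, changed or removed since the baseline snapshot."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"added": added, "changed": changed, "removed": removed}

def demo():
    """Constructed sample: a fake install tree, then two files dropped into it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugins").mkdir()
        (root / "chrome").mkdir()
        (root / "plugins" / "known_plugin.dll").write_bytes(b"constructed known plugin")
        (root / "chrome" / "browser.manifest").write_text("constructed manifest")
        baseline = snapshot(root)  # taken while the install is known to be clean
        # Simulate the drop pattern the article describes (file names are made up).
        (root / "plugins" / "sample_dropped.dll").write_bytes(b"constructed")
        (root / "chrome" / "sample_dropped.js").write_text("// constructed")
        return diff_against_baseline(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind}: {p}")
```

In practice the baseline would be taken from a clean install and stored off the monitored machine, since the article notes the Trojan arrives on PCs that are already compromised.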
