Malware posing as Firefox plugin steals login information
If you have an account at Bank of America, Chase, Wachovia, PayPal or e-gold, you may be sharing your financial information with a host in Russia.
According to researchers at BitDefender's anti-virus research labs, a new threat -– called Trojan.PWS.ChromeInject.A -– is designed to be delivered onto a compromised computer, and moved into Mozilla Firefox's plug-in folder. The user's computer must have been previously infected in some way by malware designed to download the virus. On such machines, as BitDefender alert said, the malware “…is downloaded to a Mozilla Firefox plug-in folder and is executed each time the user opens Firefox.”
Specifically, the malware filters the URLs within the Mozilla Firefox browser and whenever it encounters financial account addresses opened in the browser it captures the login credentials. BitDefender further claimed that the program “filters data sent by the user to over 100 online banking websites.”
Victims infected with the malware may have their login credentials sent to a web address in Russia.
Viorel Canja, head of BitDefender anti-virus lab, said in a statement, "Users should be aware of the risks they are facing if such confidential information is stolen."
