December 05, 2008

Malware posing as Firefox plugin steals login information

If you have an account at Bank of America, Chase, Wachovia, PayPal or e-gold, you may be sharing your financial information with a host in Russia.

According to researchers at BitDefender's anti-virus research labs, a new threat -– called Trojan.PWS.ChromeInject.A -– is designed to be delivered onto a compromised computer, and moved into Mozilla Firefox's plug-in folder. The user's computer must have been previously infected in some way by malware designed to download the virus. On such machines, as BitDefender alert said, the malware “…is downloaded to a Mozilla Firefox plug-in folder and is executed each time the user opens Firefox.”

Specifically, the malware filters the URLs within the Mozilla Firefox browser and whenever it encounters financial account addresses opened in the browser it captures the login credentials. BitDefender further claimed that the program “filters data sent by the user to over 100 online banking websites.”

Victims infected with the malware may have their login credentials sent to a web address in Russia.

Viorel Canja, head of BitDefender anti-virus lab, said in a statement, "Users should be aware of the risks they are facing if such confidential information is stolen."

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.