Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Malware posing as Firefox plugin steals login information

If you have an account at Bank of America, Chase, Wachovia, PayPal or e-gold, you may be sharing your financial information with a host in Russia.

According to researchers at BitDefender's anti-virus research labs, a new threat -– called Trojan.PWS.ChromeInject.A -– is designed to be delivered onto a compromised computer, and moved into Mozilla Firefox's plug-in folder. The user's computer must have been previously infected in some way by malware designed to download the virus. On such machines, as BitDefender alert said, the malware “…is downloaded to a Mozilla Firefox plug-in folder and is executed each time the user opens Firefox.”

Specifically, the malware filters the URLs within the Mozilla Firefox browser and whenever it encounters financial account addresses opened in the browser it captures the login credentials. BitDefender further claimed that the program “filters data sent by the user to over 100 online banking websites.”

Victims infected with the malware may have their login credentials sent to a web address in Russia.

Viorel Canja, head of BitDefender anti-virus lab, said in a statement, "Users should be aware of the risks they are facing if such confidential information is stolen."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.