Application security

Trojan claims to be Firefox extension, sends out personal info

A newly discovered trojan is taking advantage of the growing popularity of Mozilla's Firefox, claiming to be a browser extension to infect PCs.

The trojan, called FormSpy by McAfee, is downloaded to PCs already infected with the Downloader-AXM trojan, according to McAfee.

Downloader-AXM contacts servers to download malicious software without user knowledge, according to McAfee.

Once downloaded, the trojan sends information submitted to the browser to a malicious website. The malware is also capable of sniffing passwords from ICQ, FTP, IMAP and POP3 traffic, according to an advisory from McAfee.

The trojan was modified from the NumberedLinks 0.9 component available on the internet, according to McAfee.

Allysa Meyers, virus research engineer at McAfee, said today that the downloader trojan is not very widespread, despite spamming out yesterday.

That type of distribution makes the trojan unique, said Myers.

"The thing about this one is that it's the first mass-spamming of a trojan that specifically targets Firefox," she said. "This shows the growing importance of Firefox. (Malicious users) figured enough users have (Firefox) that it would now that it would be worth something to make this."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.