FireFox 'plug-in' harvests web passwords
BitDefender’s antivirus research labs report finding a new kind of malware in the wild. Known as Trojan.PWS.ChromeInject, the new trojan must be delivered as a payload by other malware for subsequent download into the FireFox plug-in folder. Once in place the trojan is active whenever FireFox is loaded.
BitDefender's researchers say that the trojan uses a check list of designated banking sites to home in on transaction and password data. The list includes many well known names including PayPal, which is used widely in the UK for online shopping and financial transactions. The stolen login credentials are sent to a web address similar to the, now removed, eex.ru. Both the domain and the hosting server are located in Russia, which points to the origins of this latest e-threat.
In responding to this alert Viorel Canja, head of BitDefender anti-virus lab, said, rather redundantly, “Users should be aware that without the appropriate security solution, the integrity of their systems is at an extremely high risk".
- BitDefender detects novel approach to stealing web passwords, report from BitDefender
- Trojan.PWS.ChromeInject.B, list of designated sites from BitDefender