BitDefender is warning of a new Trojan that masquerades as a Firefox extension. The Trojan, Trojan.PWS.ChromeInject.A, is downloaded to a Mozilla Firefox Plug-in folder and is executed each time the user opens Firefox.
Trojan attempting to pass as add-on steals banking information.
The bastardized Firefox add-on filters data sent by the user to over 100 banking websites. BitDefender says that, once the data is filtered, users infected with the Trojan have their login credentials sent to a web address based in Russia.
Banks, including Bank of America, Chase, Halifax, Wachovia, PayPal, E-Gold, Barclays, HSBC, Fifth Third, and National City, are all on the list.
The filtering is done by a JavaScript file running in Firefox's chrome environment, BitDefender said in a write-up.
The write-up also explains that you can check for signs of infection yourself by looking in the Firefox folder for the following files:
%ProgramFiles%/Mozilla Firefox/plugins/npbasic.dll
%ProgramFiles%/Mozilla Firefox/chrome/chrome/content/browser.js
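A small triage script for the manual check described above, added here as an example and not taken from BitDefender's write-up. It looks for the two listed files and records size, SHA-256 and modification time for any hit; also searching %ProgramFiles(x86)% is an assumption to cover 32-bit Firefox on 64-bit Windows.

```python
import hashlib
import os
from pathlib import Path

# Indicator paths exactly as listed in the article, relative to %ProgramFiles%.
INDICATORS = (
    "Mozilla Firefox/plugins/npbasic.dll",
    "Mozilla Firefox/chrome/chrome/content/browser.js",
)


def candidate_roots(env=os.environ):
    """Program Files roots to search. The (x86) variant is an assumption
    (not from the article) covering 32-bit Firefox on 64-bit Windows."""
    roots = []
    for var in ("ProgramFiles", "ProgramFiles(x86)"):
        value = env.get(var)
        if value and value not in roots:
            roots.append(value)
    return roots


def scan(roots):
    """Return one record per indicator file found under any root."""
    findings = []
    for root in roots:
        for rel in INDICATORS:
            path = Path(root) / rel
            if not path.is_file():
                continue
            data = path.read_bytes()
            findings.append({
                "path": str(path),
                "indicator": rel,
                "size": len(data),
                # Hash and timestamp let an analyst compare hits across hosts.
                "sha256": hashlib.sha256(data).hexdigest(),
                "mtime": path.stat().st_mtime,
            })
    return findings


if __name__ == "__main__":
    hits = scan(candidate_roots())
    for hit in hits:
        print(f"FOUND {hit['path']} size={hit['size']} sha256={hit['sha256']}")
    if not hits:
        print("No ChromeInject indicator files found.")
```

A hit means only that a file with the listed name exists at the listed path; keep the recorded hash and timestamp for follow-up with an up-to-date scanner.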
The impact of the Trojan is rated as High by BitDefender, but they have listed the risk of spreading as Very Low, as there are no widespread reports of this Trojan moving about online.