New password-stealing application disguised as a Firefox plugin

BitDefender Labs detected a new type of password-stealing application disguised as a Mozilla Firefox Plugin. The e-threat, Trojan.PWS.ChromeInject.A, is downloaded to a Mozilla Firefox Plugin folder and is executed each time the user opens Firefox.

Trojan.PWS.ChromeInject.A filters data sent by the user to over 100 online banking websites. The banking websites include:,,,, and

Users infected with Trojan.PWS.ChromeInject.A have their login credentials sent to a web address similar to [removed] Both the domain and the hosting server are located in Russia, which could indicate the origin o

Don't miss