New password-stealing application disguised as a Firefox plugin

BitDefender Labs detected a new type of password-stealing application disguised as a Mozilla Firefox Plugin. The e-threat, Trojan.PWS.ChromeInject.A, is downloaded to a Mozilla Firefox Plugin folder and is executed each time the user opens Firefox.

Trojan.PWS.ChromeInject.A filters data sent by the user to over 100 online banking websites. The banking websites include: bankofamerica.com, chase.com, halifax-online.co.uk, wachovia.com, paypal.com and e-gold.com.

Users infected with Trojan.PWS.ChromeInject.A have their login credentials sent to a web address similar to [removed]eex.ru. Both the domain and the hosting server are located in Russia, which could indicate the origin o




Share this