Malware posing as Firefox plugin steals login information

Victims infected with new malware may have their financial login credentials sent to a web address in Russia.

If you have an account at Bank of America, Chase, Wachovia, PayPal or e-gold, you may be sharing your financial information with a host in Russia.

According to researchers at BitDefender's anti-virus research labs, a new threat -– called Trojan.PWS.ChromeInject.A -– is designed to be delivered onto a compromised computer, and moved into Mozilla Firefox's plug-in folder. 

In other words, as BitDefender alert said, the malware “…is downloaded to a Mozilla Firefox plug-in folder and is executed each time the user opens Firefox.”

Specifically, the malware filters the URLs within the Mozilla Firefox browser and whenever it encounters financial account addresses opened in the browser it captures the login credentials. BitDefender further claimed that the program “filters data sent by the user to over 100 online banking websites.”

Victims infected with the malware may have their login credentials sent to a web address in Russia.

Viorel Canja, head of BitDefender anti-virus lab, said in a statement, "Users should be aware of the risks they are facing if such confidential information is stolen."

See original article on scmagazineus.com

Copyright © SC Magazine, US edition

firefox information login malware plugin security steals