Members
  • Total Members: 12818
  • Latest: martin
Stats
  • Total Posts: 28536
  • Total Topics: 8240
  • Online Today: 1005
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Firefox plug-in Trojan harvests logins (ChromeInject-A)  (Read 1598 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Firefox plug-in Trojan harvests logins (ChromeInject-A)
« on: 05. December 2008., 11:19:46 »


Virus writers have latched onto the popularity of Firefox with a new variant on the established practice of stealing online banking passwords.

A password pinching Trojan that poses as a Firefox Plugin is doing the rounds, Romanian security firm BitDefender warns. ChromeInject-A is typically downloaded onto Windows PCs already compromised by other strains of malware.

Once installed, the Trojan sits in Firefox's Plugin folder, activating every time the popular browser is started. The backdoor code looks for data exchanged between a compromised machine and a list of pre-programmed banking sites in Europe, Australia and the US.

Harvested login credentials are captured and subsequently posted to a server located in Russia.

More details on the bank sites targeted, along with the general behaviour of the Trojan, can be found in a write-up by BitDefender here: http://www.bitdefender.com/VIRUS-1000451-en--Trojan.PWS.ChromeInject.B.html

BitDefender reports that incidents of the malware are "very low", so the attack is more notable for its novelty than its potency. Malware that capitalises on the popularity of Firefox is rare, but not unprecedented.

Two years ago a spyware package that masqueraded as an extension to the Firefox web browser was spotted on the net. Like ChromeInject-A, FormSpy failed to do much harm.

(The Register)

Samker's Computer Forum - SCforum.info

Firefox plug-in Trojan harvests logins (ChromeInject-A)
« on: 05. December 2008., 11:19:46 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising