BitDefender Uncovers New Password Stealing Application

December 2008


A password stealing application, disguised as a Firefox Plugin, filters sent login credentials

BitDefender® announced that a new type of password - stealing application disguised as a Mozilla Firefox Plugin has been detected in the wild. The e-threat, Trojan.PWS.ChromeInject.A, is downloaded to a Mozilla Firefox Plugin folder and is executed each time the user opens Firefox.

Trojan.PWS.ChromeInject.A filters data sent by the user to over 100 online banking websites. The banking websites include: bankofamerica.com, chase.com, halifax-online.co.uk, wachovia.com, paypal.com and e-gold.com. Users infected with Trojan.PWS.ChromeInject.A have their login credentials sent to a web address similar to [removed]eex.ru. Both the domain and the hosting server are located in Russia, which could indicate the origin of this e-threat.

“Users should be aware of the risks they are facing if such confidential information is stolen,” said Viorel Canja, head of BitDefender anti-virus lab.


Share This ON: