Howdy, stranger! Ready to join the community? [log in]

Firefox nabbed by spyware

Robert Hallock December 4, 2008 11:05 AM ET in Tech

UK Romanian security vendor BitDefender has identified a new strain of malware explicitly designed to attack Firefox by exploiting the popular addons feature.

The exploit, identified as Trojan.PWS.ChromeInject.A, registers itself as an addon with Firefox and is configured to relay a user’s credentials for more than 100 global financial institutions. Using JavaScript to execute its function, this new strain of malware registers itself as the harmless and popular Greasemonkey addon.

Information stolen as a result of Chromeinject.A is sent to a server in Russia, the fount from which all malware seems to spring.

Though this attack is clearly amongst the first of its kind for the popular Firefox browser, the attack cannot be directly installed through Firefox. The payload is instead delivered in conjunction with another piece of malware that a user can attract by using another browser, or as a result of a user being duped into installing malicious software.

Share |

6 Comments:

  1. Kwitko
    Sheriff of Dicktown
    4 Dec '08, 11:11 am

    Funny. Get to FF by way of IE. Chances are if you're using FF you're smart enough not to get dinged by malware in the first place.

  2. mertesn
    Icrontic Duke of Haxor
    4 Dec '08, 12:31 pm

    IE would like to install an addon...for the ENEMY!!!

  3. Doug Woodall
    Guest
    5 Dec '08, 12:06 pm

    Well, its only a matter of time. As alternative browsers become more popular, more attacks will be directed towards them.

  4. DrLiam
    FoxtoN
    5 Dec '08, 12:10 pm

    Well at least Russia is being very innovative here. :x

  5. tolique
    Guest
    8 Dec '08, 10:42 am

    Very nice article, but only one thing to complain: BitDefender is a Romanian Antivirus not British and for now it has been my top choice for antivirus protection.

  6. Robert Hallock
    Cad
    8 Dec '08, 10:56 am

    You're very right, Tolique. The original article has been updated to say Romania. Thank you for commenting.

Hey, be nice. Icrontic is full of good people, we promise.

New Features on Icrontic: