BitDefender Uncovers New Password Stealing Application

December 2008

A password stealing application, disguised as a Firefox Plugin, filters sent login credentials

BitDefender announced that a new type of password - stealing application disguised as a Mozilla Firefox Plugin has been detected in the wild. The e-threat, Trojan.PWS.ChromeInject.A, is downloaded to a Mozilla Firefox Plugin folder and is executed each time the user opens Firefox.

Trojan.PWS.ChromeInject.A filters data sent by the user to over 100 online banking websites. The banking websites include:,,,, and Users infected with Trojan.PWS.ChromeInject.A have their login credentials sent to a web address similar to [removed] Both the domain and the hosting server are located in Russia, which could indicate the origin of this e-threat.

Users should be aware of the risks they are facing if such confidential information is stolen, said Viorel Canja, head of BitDefender anti-virus lab.

Who killed the Internet? Were your devices involved in the massive attack that brought down Twitter, Netflix, Spotify and the NY Times? Next time, it might be worse. Find out more