02 December 2008
A password stealing application, disguised as a Firefox Plugin, filters sent login credentials
BitDefender� announced that a new type of password - stealing application disguised as a Mozilla Firefox Plugin has been detected in the wild. The e-threat, Trojan.PWS.ChromeInject.A, is downloaded to a Mozilla Firefox Plugin folder and is executed each time the user opens Firefox.
Trojan.PWS.ChromeInject.A filters data sent by the user to over 100 online banking websites. The banking websites include: bankofamerica.com, chase.com, halifax-online.co.uk, wachovia.com, paypal.com and e-gold.com. Users infected with Trojan.PWS.ChromeInject.A have their login credentials sent to a web address similar to [removed]eex.ru. Both the domain and the hosting server are located in Russia, which could indicate the origin of this e-threat.
�Users should be aware of the risks they are facing if such confidential information is stolen,� said Viorel Canja, head of BitDefender anti-virus lab.
MEDIA RELATIONS
[email protected]INDUSTRY ANALYST RELATIONS
[email protected]INVESTOR RELATIONS
[email protected]