Sign in to follow this  

Malicious Firefox Plugin ( Password Stealing Application

Recommended Posts

ALERT!!!! **** Warning Malware with a very different point of attack.**** ALERT!!!!

Mozilla Security Blog

About Mozilla Security

Malicious Firefox Plugin ( Password Stealing Application )

12.08.08 - 11:07am


A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading. Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to a remote server.


If a user has been tricked into installing this plug-in, or had it installed through a separate vulnerability it may compromise passwords and the user’s accounts. This trojan is not Greasemonkey, even though it uses some of Greasemonkey’s internal IDs.


To check whether your computer is infected, look for “Basic Example Plugin for Mozilla” in the Plugin list by choosing Add-ons from the Tools menu in Firefox. Then choose Plugins. If you see this plugin, disable it.

Johnathan Nightingale blogged about it here:


This issue was identified in the wild by BitDefender. Their analysis is here:

Category: Firefox, Security |

Share this post

Link to post
Share on other sites

Wow, scary stuff. This should probably be posted in the Security Alerts section, I think it would probably get more notice there.

Share this post

Link to post
Share on other sites

And why are we all using Firefox?

Security by Obscurity!

Seems like every Firefox fanboy is proud that it is occupying ~25% of the browser market and rapidly increasing; however the irony is that with more popularity, Firefox becomes a bigger target!

Does that mean we should switch to a niche browser?

Share this post

Link to post
Share on other sites

I dunno, but your point about obscurity is certainly valid. I use IE7 myself, but hardly in it's default configuration as you can tell by my signature. I haven't had a single infection since I went to Vista, but that's only partially due to Vista itself. I surf cautiously, don't use myspace, facebook, limewire or IM programs, don't open emails from peeps I don't know and don't open forwarded emails from peeps I do know (and most of them know better than to send them to me by now). But I don't trust in any one program/technology or practice to keep me safe, it's a combination that I must maintain, and of course I don't use Java either (no Vundo/Virtumonde for me, thank you). My method is paranoid, but it works and with the right mix of security software, it's light on resources too.

Share this post

Link to post
Share on other sites

This is a quote from the Johnathan Blog the Link to it was provided in initial post, Does This Mean that Firefox is Insecure?

No, and here’s why:

"This particular malware targets our program, but once you have malicious software running on your system, it can just as easily attack other programs, or harm your computer in other ways. '

'This isn’t contracted by just browsing around the web with Firefox 3. In fact, the Malware Protection features in Firefox 3 are designed specifically to prevent sites from being able to attack your computer. "

"The people getting infected here are either downloading enticing files that have the malware hiding inside (which is why Firefox 3 hands off all downloads to your computer’s virus scanner once downloaded) or, as some sites are reporting, people who have already been infected in the past having their computers forced to download this file as well. '

"Typical Firefox 3 users who avoid downloading software they don’t trust are unlikely to ever see this, and even the sites reporting it describe its incidence as “rare”.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.