Firefox users hit by password-stealing Trojan

Mozilla Firefox users are being targeted by a new Trojan that steals online banking passwords.

According to security researchers at BitDefender, Trojan.PWS.ChromeInject.A identifies banking and money transfer websites such as Barclays and PayPal though JavaScript, and then collates the logins and passwords before forwarding them to server in Russia.

The malware, which is being spread by drive-by downloads or by duping users into downloading it, is stored in the Firefox add-on folder and is registered as 'Greasemonkey', which are scripts that add extra functionality to Firefox. It starts working as soon as the browser is opened.

However, the malware is not being obtained from Mozilla's official Firefox add-on site and the software manufacturer ensures all new add-ons are scanned for threats before being published.

Viorel Canja, the head of BitDefender's lab, explained that Firefox's increasing market share may be one reason why malware authors are targeting the browser.

Canja urged Firefox users worried about the Trojan to only download signed, verified software.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

Submit to:Digg Slashdot Del.icio.us Reddit

• FREE email newsletters. Get news, reviews and features straight to your inbox
• For videos of the latest products, visit PC Advisor TV
• Sign up for RSS to get the latest news and reviews, direct to your desktop
• Get PC Advisor news, reviews and blogs on your website for free

Latest technology news:

• Cisco free iPhone app grabs security feeds
• Intel investor wants company bosses to pay fines
• Supercomputers can combat climate change, says Al Gore
• Microsoft, Linux rivals mock Google Chrome OS
• Chip makers push Google Android devices