Firefox users, be warned: A “novel” and “rare” type of malware floating around the Web may try to steal your banking passwords directly through your browser.
The program, called Trojan.PWS,ChromeInject.A, looks like a regular Firefox plug-in once it gets into your system. In fact, it’ll show up in the browser as part of Greasemonkey, the fully legit and quite handy customization tool.
Most people are being bitten by the ChromeInject bug by either downloading a program they think is legit, or by the phenomenon known as “drive-by download,” in which an e-mail or Web site installs the program without the user’s knowledge.
Antivirus programs will likely add protection against the bug before long — BitDefender says it already has — but in the meantime, the smartest thing to do is to keep up your own safeguard. Mozilla’s official add-on site has no instances of the bug, researchers say. Mozilla has been extra vigilant in its add-on scanning since some questionable code was found in a Vietnamese language pack on its site back in May.