Firefox Threat: “Rare” Malware Targeting Browsers

Firefox users, be warned: A “novel” and “rare” type of malware floating around the Web may try to steal your banking passwords directly through your browser.

The program, called Trojan.PWS,ChromeInject.A, looks like a regular Firefox plug-in once it gets into your system. In fact, it’ll show up in the browser as part of Greasemonkey, the fully legit and quite handy customization tool.

This bad boy, though, won’t do you any good. Researchers at BitDefender found the malware will automatically run every time you start Firefox, then use JavaScript to identify any of about 100 different banking and financial sites you might surf to. Bank of America, Wachovia, and even PayPal are said to be included. Once it sees you on one of those sites, it’ll snag your login info and password, then send it all to a server in Russia.

Most people are being bitten by the ChromeInject bug by either downloading a program they think is legit, or by the phenomenon known as “drive-by download,” in which an e-mail or Web site installs the program without the user’s knowledge.

Antivirus programs will likely add protection against the bug before long — BitDefender says it already has — but in the meantime, the smartest thing to do is to keep up your own safeguard. Mozilla’s official add-on site has no instances of the bug, researchers say. Mozilla has been extra vigilant in its add-on scanning since some questionable code was found in a Vietnamese language pack on its site back in May.

BitDefender