Malicious Firefox Plugin

ALERT!!!! **** Warning Malware with a very different point of attack.**** ALERT!!!!

Mozilla Security Blog

About Mozilla Security

Malicious Firefox Plugin ( Password Stealing Application )

12.08.08 - 11:07am


A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading. Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to a remote server.


If a user has been tricked into installing this plug-in, or had it installed through a separate vulnerability, it may compromise passwords and the user’s accounts. This trojan is not Greasemonkey, even though it uses some of Greasemonkey’s internal IDs.


To check whether your computer is infected, look for “Basic Example Plugin for Mozilla” in the Plugin list by choosing Add-ons from the Tools menu in Firefox. Then choose Plugins. If you see this plugin, disable it.

Johnathan Nightingale blogged about it here: http://blog.johnath.com/2008/12/08/firefox-malware/


This issue was identified in the wild by BitDefender. Their analysis is here: http://news.bitdefender.com/NW900-en--BitD...pplication.html

Category: Firefox, Security


Understand - this is not a Firefox add-on, installed by the user. This comes hidden in some other download; you're not safe just because you haven't installed any Firefox add-ons lately. If you got tricked into downloading any insecure file, or already had a trojan that downloads other malware, this could have been installed on your computer (if you have Firefox).


Exactly. Quote from Johnathan Nightingale's blog: "The people getting infected here are either downloading enticing files that have the malware hiding inside (which is why Firefox 3 hands off all downloads to your computer’s virus scanner once downloaded) or, as some sites are reporting, people who have already been infected in the past having their computers forced to download this file as well."

"Typical Firefox 3 users who avoid downloading software they don’t trust are unlikely to ever see this, and even the sites reporting it describe its incidence as “rare”."

