New Firefox malware attempts to steal passwords

By Justin Mann on December 4, 2008, 1:35 PM
Browser malware has generally targeted IE in the past, since it's the biggest target and doesn't exactly have a good reputation for security. That's one of the main reasons why Firefox has become as big as it has, with a worldwide market share around the 20% mark. That increase in usage has also made it become a bigger target, and now a new piece of malware has been identified that specifically targets Firefox.

The malware, called ChromeInject, holes up as an add-on in Firefox and identifies when you are visiting certain financial sites, like PayPal, to harvests usernames and password for those sites. Afterwards those logins get sent off to a remote server, where they are no doubt used to drain or transfer funds from people's accounts. Users still must visit a malicious or compromised site to become infected by this trojan, and security products are already being updated to detect it. One of the easiest steps to prevent infection is just to make sure any add-ons you install come from an official source, like Mozilla's repositories.

Even if the odds of infection are low, seeing harmful software written specifically for Firefox does demonstrate that it is now becoming large enough for people, including people with bad intentions, to take notice of it.




User Comments: 5

Got something to say? Post a comment
tekcurious said:
hunt down the person or group, have them hang or lock on a 4x4 cell dungeon for life.
keshava108 said:
duh, i wonder who wold have incentive to concoct this malware, surely not the makers of security products ;]. Good old capitalism at work
jeffclough said:
[b]Originally posted by keshava108:[/b][quote]duh, i wonder who wold have incentive to concoct this malware, surely not the makers of security products ;]. Good old capitalism at work[/quote]If you have more than the usual FUD to offer, make a direct accusation. We'd all be interested to hear what you know and can demonstrate to be true of the information security industry that might lead you to distrust it.Otherwise ... I wonder who might wish to think the worst of others. Surely not someone who would rather project his own darker tendencies outward than actually deal with them. Cynicism is just another type of credulity, one that feeds on guilt rather than innocence.
keshava108 said:
I directly accuse security experts of intentionally inventing malware, is that good enuff for u. Some r on the dark side and i am quite sure some r on the good side of the force.I was more thinking that the accumulation of wealth being the prime measure of one's class ie capitalism, (not the free market, which has nearly always existed regardless of politics) is a major factor in the ruin of higher principles.
purplelion said:
"One of the easiest steps to prevent infection is just to make sure any add-ons you install come from an official source"PLEASE NOTE: This virus installs itself as an add-on when Firefox starts without asking!I have searched through the various menus looking for a way to block it. Is there a way to block all add-ons or specific add-ons.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.