Alerts

BitDefender detects brand new password stealing approach

A password stealing application, disguised as a Firefox Plugin, filters sent login credentials.

BitDefender, an award-winning provider of antivirus software and data security solutions, announced today that a new type of password stealer has been detected in the wild.

Named Trojan.PWS.ChromeInject.A by BitDefender, this e-threat is downloaded onto a system by other malware into Mozilla Firefox’s Plugin folder and is executed every time Firefox is started.

Further analysis shows that the malware filters data sent by the user to one of over 100 online banking websites. Some of these websites are: bankofamerica.com, chase.com, halifax-online.co.uk, wachovia.com, paypal.com and e-gold.com. Users infected with Trojan.PWS.ChromeInject.A will have their login credentials sent to a web address similar to [removed]eex.ru. Both the domain and the hosting server are located in Russia, which could point to the origins of this e-threat.

Users are advised to keep their security solutions up to date in order to be protected against such attempts.
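Because the trojan is dropped into Firefox's Plugin folder and loads at every start, one defensive check is to compare that folder against a known-good snapshot. The Python below is an added example, not BitDefender's code; the function names, the folder path and the file names are assumptions, and the sample files are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(plugin_dir):
    """Map every file under plugin_dir (relative path) to its SHA-256 digest."""
    root = Path(plugin_dir)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def audit(plugin_dir, baseline):
    """Report files added, removed or changed relative to a known-good baseline."""
    current = snapshot(plugin_dir)
    common = set(current) & set(baseline)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(n for n in common if current[n] != baseline[n]),
    }


def demo():
    """Constructed scenario: baseline a clean folder, then files appear and change."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "plugins"  # stand-in for the real Plugin folder (assumed path)
        plugins.mkdir()
        known = plugins / "known_plugin.dll"  # hypothetical file name
        known.write_bytes(b"constructed known-good content")
        baseline = snapshot(plugins)
        # Simulate another program writing into the folder after the baseline.
        (plugins / "unexpected.dll").write_bytes(b"constructed unknown content")
        known.write_bytes(b"constructed modified content")
        return audit(plugins, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be taken on a freshly installed, trusted system and stored outside the user profile, so that malware writing into the folder cannot also rewrite the baseline.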