Bitdefender detects brand new password stealing approach

Bitdefender, an award-winning provider of antivirus software and data security solutions, announced today that a new type of password stealer has been detected in the wild.

Called by Bitdefender Trojan.PWS.ChromeInject.A, this e-threat is downloaded on a system by other malware into Mozilla Firefox’s Plugin folder and gets executed every time Firefox is started.

Upon further analysis it shows that the malware filters data sent by the user to one of over 100 online banking websites. Some of these websites are:
bankofamerica.com, chase.com, halifax-online.co.uk, wachovia.com, paypal.com
and e-gold.com. Users infected with Trojan.PWS.ChromeInject.A will have
their login credentials sent to a web address similar to [removed]eex.ru. Both
the domain and the hosting server are located in Russia, which could indicate
leads to the origins of this e-threat.

Users are advised to keep their security solutions up to date in order to be protected by such attempts.