Trojan Posing as Firefox Plug-in Harvests Logins

Status
Not open for further replies.

unni

In the zone
Virus writers have latched onto the popularity of Firefox with a new variant on the established practice of stealing online banking passwords.
A password-pinching Trojan that poses as a Firefox plugin is doing the rounds, Romanian security firm BitDefender warns. ChromeInject-A is typically downloaded onto Windows PCs already compromised by other strains of malware.
Once installed, the Trojan sits in Firefox's Plugin folder, activating every time the popular browser is started. The backdoor code looks for data exchanged between a compromised machine and a list of pre-programmed banking sites in Europe, Australia and the US.
Harvested login credentials are captured and subsequently posted to a server located in Russia.
Source: *www.theregister.co.uk/2008/12/04/firefox_plug_in_trojan/
 
unni

In the zone
New trojan targets Firefox, masquerades as Greasemonkey

Firefox's broad support for plug-ins and extensions has always been a major feature of the browser, particularly back in the days of IE6. The browser's enduring popularity has finally caught the eye of malware authors, as a trojan is now targeting Firefox specifically.

BitDefender has identified this new bit of holiday cheer as "Trojan.PWS.ChromeInject.A" (the ChromeInject suffix refers to the Chrome component of Firefox). The trojan installs itself into Firefox's add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.

Please note, this trojan is not actually the Greasemonkey add-on, and only identifies itself as such. Mozilla has confirmed that the official Greasemonkey release contained within Mozilla's own extension repository (and available here) is malware-free. If you're currently using Greasemonkey or are interested in doing so, there's no reason to avoid the legitimate add-on at this time, so long as you download it from Mozilla's page or an equally trusted source.
*arstechnica.com/news.ars/post/20081205-new-trojan-targets-firefox-masquerades-as-greasemonkey.html
 

phreak0ut

The Thread Killer >:)
How do we know if it is installed or not? Are the plugins still being hosted on the addons site?
 

chandru.in

In the zone
The trojan installs itself into Firefox's add-on directory
How does it get itself into that directory? Does it exploit a vulnerability in FF or does it exploit a vulnerability in another browser or underlying OS? Or does it enter there through social engineering tricks?

Is there any article shedding some light on this?
 