Trojan horse phishes for bank accounts

ONLINE INSECURITY firm BitDefender has detected a new variant of phishing malware that targets only Firefox users.

The malicious chunk of code can infect a user's system either via a 'drive-by download' that exploits a browser vulnerability or with a 'download dump' through duping the wibbler into authorising its download.

Once downloaded, the little nasty disguises itself as a Firefox Add-On named Greasemonkey, which is the name of a widely recognised toolset of scripts used under Firefox. The Add-On runs whenever Firefox is operating.

BitDefender has named it as "Trojan.PWS.ChromeInject.A".

As its name suggests, the malware is a trojan horse. It uses JavaScript to filter website URLs that the user visits, looking for any of more than 100 banking, financial services and money transfer targets including online payments broker Paypal and institutions worldwide, such as Abbey National, Bank of America, Barclays, Chase, Wachovia, Washington Mutual, Wells Fargo, US Bank and dozens of others in Australia, France, Italy, Spain, the US and the UK.

When the trojan triggers on a website, it captures login IDs and passwords and forwards on the stolen account information to a server in Russia. µ

L'Inq
Infoworld