Firefox Users Beware of New Malware

Posted on 12/05/2008 in Computers, Internet

Make sure your antivirus definitions are up to date, as many vendors will have an update for this malware quickly.

Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but targets only Firefox users.

The malware, which BitDefender dubbed “Trojan.PWS.ChromeInject.A,” sits in Firefox’s add-ons folder, said Viorel Canja, the head of BitDefender’s lab. The malware runs when Firefox is started.

The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.

Firefox has been continually gaining market share against main competitor Internet Explorer since its debut four years ago, which may be one reason why malware authors are looking for new avenues to infect computers, Canja said.

Users could be infected with the Trojan either from a drive-by download, which can infect a PC by exploiting a vulnerability in a browser, or by being duped into downloading it, Canja said.

When it runs on a PC, it registers itself in Firefox’s system files as “Greasemonkey,” a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.

BitDefender has updated its products to detect it, and other vendors will likely follow suit quickly, Canja said. Users could avoid it by only downloading signed, verified software, but that’s a measure that restricts the usability of a PC, he said.

Source: PCWorld.com

18 Responses to “Firefox Users Beware of New Malware”

  1. Geoserv

    Dec 5th, 2008

    STUMBLED!

    Thanks for the heads up.

  2. Anto

    Dec 5th, 2008

    I wasn’t aware of that, thank you for the advice as I am using Firefox more and more.

  3. Frank J

    Dec 5th, 2008

    Anto,

    You’re welcome and that’s why TechJaws is here to inform our readers. Hope to see you visit soon!

  4. Frank J

    Dec 5th, 2008

    Geo,

    As always thank you!

  5. DemoGeek

    Dec 6th, 2008

    Allowing the browser to extend its functionality is a great thing that made Firefox stand out…but it comes with a price I guess. We need to be a bit more careful when downloading or installing plugins. It’s scary how they exploit to act as a well-known Greasemonkey script.

    Thanks for sharing this.

  6. Frank J

    Dec 6th, 2008

    You’re right, it’s scary especially when you know a program that you think is safe.

  7. JudgeRight

    Dec 12th, 2008

    Good information, thank you for posting. I hit SU immediately so hopefully friends will take note of it.

    • Frank J

      Dec 12th, 2008

      JudgeRight,

      Thank you and thank you for stumbling the post!

  8. 23dornot23d

    Dec 12th, 2008

    I hope you are sure that what you have written about greasemonkey is correct …..

    Bitdefender says it’s a dll problem file …..

    According to what we have just found in a forum ..

    The links are there to follow …..

    http://firefox.group.stumbleupon.com/forum/102806/

  9. 23dornot23d

    Dec 12th, 2008

    I cannot see where it mentions greasemonkey …. and the chances of it running in linux are very slim ….

    Firefox runs in linux ….

    It would seem strange …. but the only way to run it in linux would be to emulate a windows environment using wine.

    If you know any more information please post again on the stumbleupon thread below …..

    http://firefox.group.stumbleupon.com/forum/102806/#end

    • Frank J

      Dec 12th, 2008

      Greasemonkey was the target app and it has been confirmed with ZDNet and other media resources.

  10. 23dornot23d

    Dec 12th, 2008

    Ok cheers for that …..

    Here’s a follow up …

    From the report ….

    SYMPTOMS:
    Presence of the:
    “%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll”
    “%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js”
    files in the Mozilla Firefox’s plugins and chrome folders.

    TECHNICAL DESCRIPTION:
    It drops an executable file (which is a Firefox 3 plugin) and a JavaScript file (detected by Bitdefender as: Trojan.PWS.ChromeInject.A) into the Firefox plugins and chrome folders respectively.

    Checks may be needed to see if similar version of the code can run in linux ….

    Will the following files run in linux ?
    (using wine ? will a .dll run in linux !!!)
    Can the virus work without the .dll running ?

    Is there another version that works within Linux ?

    Does anybody know – if it has been checked out yet ?

    Thanks for the reply and information ……. Frank J

    • Frank J

      Dec 12th, 2008

      I appreciate that info and know many others who visit will also. Hey you blog? I am looking for a tech writer, and I like a person who can research info and provide the best content for TechJaws.com
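
A host check for the two files listed under SYMPTOMS in the report quoted in comment 10, as an added example that is not part of the original post or its comments. The function name and output fields are hypothetical; only the two file paths come from the quoted report.

```powershell
# Added example: look for the two files named in the quoted report under
# every Firefox install root on this machine and record basic metadata
# for anything found, so it can be handed to whoever investigates.
function Find-ChromeInjectFiles {
    [CmdletBinding()]
    param(
        # Optional explicit Firefox install directories to inspect.
        [string[]]$FirefoxRoot
    )

    if (-not $FirefoxRoot) {
        # Cover 64-bit, 32-bit and WOW64 views of "Program Files";
        # variables that are not set on this system are skipped.
        $FirefoxRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramW6432) |
            Where-Object { $_ } |
            Select-Object -Unique |
            ForEach-Object { Join-Path $_ 'Mozilla Firefox' }
    }

    # Relative paths exactly as given in the report's SYMPTOMS section.
    $relativePaths = @(
        'plugins\npbasic.dll',
        'chrome\chrome\content\browser.js'
    )

    foreach ($root in $FirefoxRoot) {
        foreach ($rel in $relativePaths) {
            $path = Join-Path $root $rel
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $item = Get-Item -LiteralPath $path -Force
                [pscustomobject]@{
                    Path             = $item.FullName
                    Length           = $item.Length
                    CreationTimeUtc  = $item.CreationTimeUtc
                    LastWriteTimeUtc = $item.LastWriteTimeUtc
                    SHA256           = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                }
            }
        }
    }
}

$hits = @(Find-ChromeInjectFiles)
if ($hits.Count -eq 0) {
    'None of the files listed in the report were found.'
} else {
    $hits | Format-List
}
```

A hit is a lead to confirm with an up-to-date antivirus scan, and an empty result only means these two file names are absent from the default install locations.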

  11. 23dornot23d

    Dec 12th, 2008

    Cheers for that …. have posted it on a couple of linux Forums too …. hopefully I will get a response from them.

    Linux Forums and LinuxQuestions.org

    http://www.linuxforums.org/forum/linux-security/136481-firefox-banking-details-new-post.html
    http://www.linuxquestions.org/questions/

    Cheers for the offer ….
    (am retired now – too much stress lols)

    • Frank J

      Dec 12th, 2008

      Thank you and god bless to retirement!

  12. betsy

    Dec 17th, 2008

    Thanks for the heads up, I’ll have to do a complete system scan tonight with my avast.

    • Frank J

      Dec 18th, 2008

      You’re very welcome and thank you for stopping by! Hope to see you soon.

  13. Sunny

    Jan 13th, 2009

    Solution from Search-and-destroy.
    If you own a computer, you must have antispyware to keep it running at its best. The problem is choosing a scan that works. I have tried many different types of scans in the past and then I ran across Search-and-destroy Antispyware. I have to say that the antispyware solution from Search-and-destroy is the best that I have used to date. It gets the job done and keeps my computer working like new. If you are interested in seeing for yourself just how good this antispyware works you can click on http://www.Search-and-destroy.com to learn more. I’m sure it would be worth your time to check it out.