Firefox users are being warned over a rouge extension which is being used to capture online passwords from unsuspecting users.
The Trojan, which poses as a plug-in for the popular internet browser, sits hidden within the Firefox extensions file and is designed to monitor data exchange between a PC and a number of pre-defined websites – many of which are those of banking institutions in the UK, US and Europe.
The ChromeInject-A Trojan is typically downloaded onto Windows systems that have already been infected by some form of malware.
According to security experts, sensitive data exchanges are intercepted by the program, harvested and then send discreetly to a server based in Russia.
It is the second known Trojan to specifically target users of the Mozilla Firefox browser, which has grown to become the second most-used browser online with a 20% market share. Internet Explorer is the most popular with a 69.8% market share.
The browser is arguably the most successful form of “open source” software to have been released on a mass scale. As an open source program, unlike other browsers such as Internet Explorer and Opera, copies of Firefox are distributed free of charge with the software’s source code openly available to users, allowing them to customise the software and develop plugins and applications for it.
Whilst virus threats are rare, questions do remain over the security and reliability of many open source applications, making an up-to-date antivirus software program essential for any PC running open source applications.