New banking threat disguised as Firefox add-on

A new type of password-stealing Trojan which is disguised as a Firefox add-on has been discovered by security company BitDefender.

Trojan.PWS.ChromeInject.A downloads to the Mozilla Firefox folder when the browser is opened and filters data sent by the user to over 100 different online banking websites.

These include bankofamerica.com, chase.com, Halifax-online.co.uk, Wachovia.com, paypal.com and e-gold.com.

Once the user is infected, their login credentials are sent to a particular web address, with BitDefender stating that the domain and hosting server were located in Russia.

It has been reported that the malware disguises itself as Greasemonkey, a program which customises the way a webpage displays using JavaScript.

"Users should be aware of the risks they are facing if such confidential information is stolen," said Viorel Canja, head of BitDefender anti-virus lab.