Password Theft Firefox Style
Written by Editor on December 05, 2008
It seems that as Firefox's market share increases, the product is increasingly being targeted by malware authors. Malware packs and similar kits are beginning to include Firefox-specific exploits to compromise and infect the systems of Firefox users.
Internet Explorer has long been the target of malware authors using Browser Helper Objects (BHOs) injected into the browser to control, steal from and generally subvert the user's browser session.
Now it seems a new breed of malware is being developed to specifically target Firefox using the Firefox extension architecture. This instance is known as ‘Trojan.PWS.ChromeInject.A’; it attempts to steal password information for various banking sites when they are used by Firefox users.
Although Firefox contains mechanisms to protect against malware and the installation of rogue Firefox extensions, this rogue extension is installed directly via the filesystem, without going through the normal Firefox extension installation process. In doing so, it registers itself under the GreaseMonkey name, pretending to be the popular extension of the same name in an attempt to avoid raising the user's suspicions.
This rogue extension has been raising a bit of discussion after first being discovered by BitDefender, as detailed here, and there is a whole Slashdot bun fight here.
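The name impersonation described above can be checked for on disk. This is an added example, not code from the original post or from BitDefender: it reads each `install.rdf` manifest under an extensions directory and flags any entry that claims the Greasemonkey name without the ID the genuine add-on uses. The Greasemonkey ID, the assumption that the rogue entry carries an `install.rdf`, the function names and the sample directory are all assumptions or constructed values.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
EM = "{http://www.mozilla.org/2004/em-rdf#}"
# Assumption: ID of the genuine Greasemonkey add-on; confirm against a trusted copy.
TRUSTED_IDS = {"greasemonkey": "{e4a8a97b-f2ed-450b-b12d-ee082ba24781}"}

def read_manifest(path):
    """Return (id, name) from install.rdf; values may be child elements or attributes."""
    for desc in ET.parse(path).getroot().iter(RDF + "Description"):
        if (desc.get(RDF + "about") or desc.get("about")) == "urn:mozilla:install-manifest":
            return tuple((desc.findtext(EM + t) or desc.get(EM + t) or "").strip() for t in ("id", "name"))
    return "", ""

def audit_extensions(ext_dir):
    """Flag extensions whose display name claims a trusted add-on but whose ID differs."""
    findings = []
    for entry in sorted(os.listdir(ext_dir)):
        manifest = os.path.join(ext_dir, entry, "install.rdf")
        if not os.path.isfile(manifest):
            continue
        try:
            ext_id, name = read_manifest(manifest)
        except ET.ParseError:
            findings.append((entry, "unparseable install.rdf"))
            continue
        claimed = "".join(name.lower().split())  # "Grease Monkey" -> "greasemonkey"
        for trusted_name, trusted_id in TRUSTED_IDS.items():
            if trusted_name in claimed and ext_id.lower() != trusted_id:
                findings.append((entry, "name %r does not match ID %s" % (name, ext_id)))
    return findings

def build_sample_extensions_dir():
    """Create a constructed extensions directory: one genuine entry, one impostor."""
    root = tempfile.mkdtemp()
    rdf = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           'xmlns:em="http://www.mozilla.org/2004/em-rdf#"><Description about="urn:mozilla:install-manifest">'
           '<em:id>%s</em:id><em:name>%s</em:name></Description></RDF>')
    fake_id = "{11111111-2222-3333-4444-555555555555}"  # constructed sample ID
    for ext_id, name in ((TRUSTED_IDS["greasemonkey"], "Greasemonkey"), (fake_id, "GreaseMonkey")):
        os.makedirs(os.path.join(root, ext_id))
        with open(os.path.join(root, ext_id, "install.rdf"), "w") as fh:
            fh.write(rdf % (ext_id, name))
    return root

if __name__ == "__main__":
    print(audit_extensions(build_sample_extensions_dir()))
```

An impostor that also copies the genuine ID passes this check, so it complements rather than replaces comparing installed files against a known-good copy.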