Malicious Firefox Plugin

Window Snyder


A malicious piece of software masquerading as a legitimate and popular Firefox plugin is spreading.  Trojan.PWS.ChromeInject.A collects a user’s passwords from banking and other sites and forwards them to a remote server.


If a user has been tricked into installing this plugin, or has had it installed through a separate vulnerability, it may compromise passwords and the user’s accounts.  This trojan is not Greasemonkey, even though it uses some of Greasemonkey’s internal IDs.


To check whether your computer is infected, choose Add-ons from the Tools menu in Firefox, then choose Plugins, and look for “Basic Example Plugin for Mozilla” in the plugin list.  If you see this plugin, disable it.

Johnathan Nightingale blogged about it here:


This issue was identified in the wild by BitDefender.  Their analysis is here:–Trojan.PWS.ChromeInject.B.html