Tweet

Trend Micro threat analysts were alerted to the discovery of a spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called “Adobe Flash Player 0.2,” the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts.

The said add-on injects ads into the user’s Google search results pages. More disturbing, however, is its capability to monitor the user’s browsing activities, particularly his/her Google search queries using the Firefox browser. It then sends the information it gathers to http://{BLOCKED}jupdate.com.

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers such as Firefox, Chrome, Safari, and Opera instead. Though this used to be considered a safe computing practice, it seems it no longer is with the proliferation of malware targeting the most popular alternative Internet browser—Firefox.

Users should be wary, as always, of downloading updates from unknown sources. They should also note that no browser is safe from malicious attacks, as cybercriminals will do just about anything to infect users with their malicious code.

The Trend Micro Smart Protection Network already detects and consequently blocks the malicious code from running and the malicious add-on from being downloaded so Trend Micro product users need not worry.