The competition for dominance among Web browsers continues to escalate, and this point is not lost on cyber criminals who are always on the lookout for any possible method to infect more victims in order to achieve their goals.
Trend Micro has received reports that Mozilla Firefox has recently been targeted by malware we detect as TROJ_DROP.BP.
This Trojan appears to be somewhat rare as it targets Firefox specifically. It arrives on systems posing as a browser add-on (or plug-in, depending on your terminology).
TROJ_DROP.BP checks whether Firefox is installed on a computer, and if it is, the Trojan creates a folder where it drops the files browser.js and npbasic.dll.
The spyware TSPY_AGENT.AYH is also dropped in another location on affected PCs. It runs JS_AGENT.ACVB on Firefox to facilitate its information-stealing routines. Once executed on a system, it monitors the victim's browsing activities.
The spyware does this by watching for certain strings (related to online banking websites) entered in the Firefox address bar. When a victim visits a site that matches one of the targeted strings, the spyware harvests the credentials the victim keys in when logging in to the targeted banking website.
The stolen information is then sent to a remote malicious website.
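A defender can triage a host for the dropped file pair described above. The following is an added example, not Trend Micro's detection logic: it flags any folder that holds both browser.js and npbasic.dll. The write-up does not name the drop folder, so the search roots are supplied by the caller, and the sample tree is constructed for illustration.

```python
import os
import tempfile

# File names taken from the write-up. The drop folder is not named there,
# so the caller chooses which root directories to sweep (an assumption).
DROPPED_PAIR = frozenset({"browser.js", "npbasic.dll"})


def find_drop_folders(roots):
    """Return sorted directories under `roots` that hold every file in DROPPED_PAIR."""
    hits = set()
    for root in roots:
        # onerror ignores unreadable directories so one ACL failure does not abort the sweep
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            names = {name.lower() for name in files}  # Windows file names are case-insensitive
            if DROPPED_PAIR <= names:
                hits.add(os.path.abspath(dirpath))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed layout: one folder with both files, one decoy with only browser.js."""
    suspect = os.path.join(base, "profile", "extensions", "sample-addon")
    decoy = os.path.join(base, "app", "chrome")
    for folder, names in ((suspect, ("Browser.js", "NPBASIC.DLL")), (decoy, ("browser.js",))):
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "wb").close()
    return suspect, decoy


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for hit in find_drop_folders([base]):
            print("review:", hit)
```

A hit is a lead for review, not a verdict: file names are easy to change, so confirm with an up-to-date scanner before acting on it.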
The growing number of Firefox users also gives cyber criminals, especially those behind this particular threat, a wider target base.
Computerworld reports that the market share of Firefox at the end of November was at 20.8%, an increase of 0.8 percentage points from the previous month. Internet Explorer on the other hand saw its share drop to 69.8% from October’s 71.3%.
The Trend Micro Smart Protection Network already protects users from TROJ_DROP.BP, TSPY_AGENT.AYH, and JS_AGENT.ACVB. It also provides solutions for the cleanup and removal of this malware. Firefox users are advised to refrain from downloading add-ons or browser plug-ins from unknown and untrusted sources. The safest practice is to go to the Firefox website to check whether there are indeed updates.