The fake Trojan add-on Trojan is extremely dangerous

Security firm McAfee yesterday discovered a fake trojan as an add-on for the Firefox browser to break into users' systems.

Security firm McAfee yesterday discovered a fake trojan as an add-on for the Firefox browser to break into users' systems.

Keylogg both mouse and keyboard

In fact, the FormSpy trojan is a keylogger that monitors all mouse and keyboard operations to steal users' personal information such as online bank account login information and links. URL in Firefox browser .

Not only is this trojan capable of stealing passwords from other applications such as ICQ, FTP, IMAP and POP3 email traffic, said security vendor McAfee. Any collected information will be sent to the attacker's IP address.

Extremely sophisticated

The fake Trojan add-on Trojan is extremely dangerous Picture 1The fake Trojan add-on Trojan is extremely dangerous Picture 1 The trojan is part of a phishing campaign via email with electronic messages sent from the payment support office of global well-known retailer Wal-Mart, Craig Schmugar - a research expert of McAfee - said. " The emails sent in this phishing campaign contain an order number, so users can easily open those emails. If those emails are opened, the trojan will break into the system. and install two more of them - including a keylogger . "

However, the way the FormSpy trojan spreads and breaks into the system is also very different - this method can be said to be unique at this point, Schmugar said.

This trojan is fake as an additional application for open source Firefox browser. The fake FormSpy fact is the additional application Numberedlinks 0.9 - an additional application that allows users to access links by keyboard. FormSpy also uses some code of Numberedlinks to integrate fully into Firefox.

Typically, an additional Windows-based Firefox application usually displays a dialog box that allows users to confirm whether or not to install. However, the FormSpy trojan skipped that step. This trojan overrides all the information on the Firefox folder without warning the user. Users are infected without even knowing it is caused by an extra application. Even the Firefox browser confirms the application of this scam as a legitimate add-on and displays the list when accessing Tools | Extensions .

Additional? Too unsafe

Additional Firefox applications have long been considered poorly secure, especially when they do not have digital authentication. FormSpy's forgery will once again revive this issue.

" The trojan used a mechanism to get its code into the browser ," Schmugar said. " Mozilla should consider more about the security of additional applications ."

Hoang Dung

4 ★ | 2 Vote