A Trojan masquerading as a Mozilla Firefox plugin to steal online bank passwords has been found by Romanian security firm BitDefender.
Trojan.PWS.ChromeInject is intended to be delivered onto compromised computers by other malware. It then sits in Firefox's Plugin folder, running every time the browser is started.
The Trojan uses a JavaScript file to filter data sent by users to over 100 banking sites, including Bank of America, Barclays, Lloyds TSB, Halifax and Wachovia as well as e-payments site PayPal. The stolen passwords are then sent to a server in Russia.
Although BitDefender says the Tojan causes "very high" levels of damage, incidents are "very low".
Viorel Canja, head, anti-virus lab, BitDefender, says: "Users should be aware that without the appropriate security solution, the integrity of their systems is at an extremely high risk."