The Firefox browser, the second most popular among Internet users, has a built-in system for remembering passwords: the browser offers to save the user's password each time he enters his credentials to log in to a personal account, whether email, a social network, etc.
If the user accepts, Firefox saves the password and the user does not have to retype it until he decides to change it, at which point the prompt appears again automatically.
This feature is very attractive to many cybercriminals, who create viruses that break into the password store and extract its contents to hand them over to the viruses' owners.
This time a malicious program has been detected that also takes advantage of this feature, but in a different way: the program alters the code of the nsLoginManagerPrompter.js file, which controls this feature. This allows the Trojan to save, directly and automatically and without asking the user, every password that is typed to log in to personal accounts on the Internet, and to send them to the command and control server run by the cybercriminal.
"The keylogger Trojan is copied to the System32 directory in a file called Kernel.exe; there it leaves and registers an old, benign and despised ActiveX control called Microsoft Internet Transfer Control DLL, or msinet.ocx, which it uses to communicate with its command and control server; then it creates a new user account (username: Maestro) on the infected system," said Andrew Brandt, an analyst at Webroot, the security company that warned about the problem.
The proud creator of the Trojan also included his signature and email address in the code: Salar Zeynali, [email protected]. According to Webroot analysts, Salixem is an Iranian virus writer who creates the programs for fun and shares them for free.
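A defender can check a host or a mounted disk image for the three artifacts named above: a changed nsLoginManagerPrompter.js, Kernel.exe in System32, and a local account called Maestro. The following is an added example, not code from Webroot or Mozilla; the function names, the known-good baseline hash (taken from a clean copy of the same Firefox version) and the directory trees built in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

PROMPTER = "nsloginmanagerprompter.js"  # file the article says the Trojan alters
DROPPED = ("system32", "kernel.exe")    # keylogger copy named in the article
ROGUE_ACCOUNT = "maestro"               # account the Trojan creates


def check_host(firefox_dir, windows_dir, accounts, baseline_sha256):
    """Return a list of findings; an empty list means no indicator matched."""
    findings = []
    # Names are compared case-insensitively so a mounted disk image works too.
    prompters = [p for p in Path(firefox_dir).rglob("*")
                 if p.is_file() and p.name.lower() == PROMPTER]
    if not prompters:
        findings.append("prompter file missing")
    for p in prompters:
        # Integrity check against a hash taken from a clean copy (assumption).
        if hashlib.sha256(p.read_bytes()).hexdigest() != baseline_sha256:
            findings.append(f"modified: {p.name}")
    for p in Path(windows_dir).glob("*/*"):
        if (p.parent.name.lower(), p.name.lower()) == DROPPED and p.is_file():
            findings.append(f"unexpected binary: {p.parent.name}/{p.name}")
    if any(a.strip().lower() == ROGUE_ACCOUNT for a in accounts):
        findings.append("local account 'Maestro' present")
    return findings


def demo():
    """Run the check on a constructed tree, first clean and then tampered."""
    clean_js = b"// constructed stand-in for the vendor file\n"
    baseline = hashlib.sha256(clean_js).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        ff = Path(tmp, "Firefox", "components")    # constructed layout
        sys32 = Path(tmp, "Windows", "System32")   # constructed layout
        for d in (ff, sys32):
            d.mkdir(parents=True)
        js = ff / "nsLoginManagerPrompter.js"
        js.write_bytes(clean_js)
        clean = check_host(ff.parent, sys32.parent, ["Administrator"], baseline)
        js.write_bytes(clean_js + b"// constructed change\n")
        (sys32 / "Kernel.exe").write_bytes(b"MZ")
        tampered = check_host(ff.parent, sys32.parent, ["Maestro"], baseline)
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

The baseline must come from the same Firefox version as the installed one, since a legitimate update also changes the file's hash.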
Sources:
Trojan Forces Firefox to Save Your Passwords (PC World)
Mozilla Firefox trojan hacks browser to store passwords (Infosecurity Magazine)
Trojan overrides Firefox password-saving behavior (Help Net Security)
Author: Gabriela Villarreal
Source: Viruslist
Authors: Computer Security News

