The malware poses as a Firefox plugin and was designed to harvest baking login information every time the user enters certain sites included in the Trojan’s list. Collected data is later sent to a server somewhere in Russia.
According to Bitdefender, a quick check in the Firefox Plugins folder will be enough to reveal the infection. Users who do find one of the following files should definitely do their banking on another computer until they clean up the infected one:
– "%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll"
– "%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"
The new attack is quite new, with reports claiming that infections are at a “very low” level.