Security researchers warn of a new piece of malware that functions as an extension for the Mozilla Firefox browser. The rogue add-on intercepts Google search queries and injects advertisements into the results.
The new attack has been reported by analysts from antivirus vendor Trend Micro and seems to be motivated by illegal monetary gain through an advertising scheme. The threat combines techniques previously employed by different families of malware.
For a start, it comes under the form of a Firefox extension, which is rather uncommon. A similar computer trojan running as a Firefox extension, which was used to monitor user sessions and capture online banking credentials for over 100 financial institutions, was discovered back in December 2008.
Dubbed Trojan.PWS.ChromeInject by BitDefender researchers, the malicious extension was being deployed without the users' consent by other malware already present on the infected computers. In comparison, this new Firefox threat, which Trend Micro calls TSPY_EBOD.A, is using social engineering to trick users into installing it.
This new piece of malware is actually a click fraud trojan, which injects ads into Google search-result pages. When these ads are clicked, the trojan's authors are receiving a small fee from the advertising network supplying them. Back in July, we reported about a similar trojan, which hijacked queries performed through the default search boxes in Internet Explorer and Firefox and routed them through a custom Google search widget.
See also Firefox Keylogger Plugin