The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in Firefox's add-ons folder, said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America and PayPal, along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect log-ins and passwords, forwarding that information to a server in Russia.

Full Article