- Jan 24, 2011
- 9,379
According to reports from the cyber criminal underground, the latest version of the SpyEye trojan comes with form grabbing support for Google Chrome and Opera, two browsers largely untouched by malware so far.
Brian Krebs has published a screenshot taken from the trojan's latest "builder" version and it has checkboxes for the anti-Rapport and Firefox webinjects plugins, as well as for Opera and Chrome form grabbers.
These two new components are aimed at stealing information typed into web forms and while this is not as advanced as injecting code into displayed web pages, it represents a serious attack against users who believe that using alternative browsers keeps them safe.
It's not yet entirely clear how these new form grabbers work, whether the malware hooks into the browsers' DLLs or is using extensions.
The hooking approach seems more likely because the APIs available to Chrome and Opera extensions are limited. In addition, only version 11 of Opera supports extensions.
More details - link
Brian Krebs has published a screenshot taken from the trojan's latest "builder" version and it has checkboxes for the anti-Rapport and Firefox webinjects plugins, as well as for Opera and Chrome form grabbers.
These two new components are aimed at stealing information typed into web forms and while this is not as advanced as injecting code into displayed web pages, it represents a serious attack against users who believe that using alternative browsers keeps them safe.
It's not yet entirely clear how these new form grabbers work, whether the malware hooks into the browsers' DLLs or is using extensions.
The hooking approach seems more likely because the APIs available to Chrome and Opera extensions are limited. In addition, only version 11 of Opera supports extensions.
More details - link
