Trojan-Laden Firefox Update Lurking in the Wild

Scammers are circulating a fake Firefox email that claims to contain an update to the web browser but installs a password-stealing Trojan instead.

According to a post on security firm Sophos’ Naked Security blog, the email claims to be from the makers of the open source web browser. For those who don’t know, the Firefox web browser updates itself automatically.

“A Firefox software update is a quick download of small amounts of new code to your existing Firefox browser,” the fake email reads. The cheeky email advises users to ‘update’ their web browser for the safest browsing experience.

The email contains a download link to an executable file that contains a Firefox downloader and a backdoor Trojan capable of stealing passwords. The security software maker has already identified the Trojan as ‘Troj/PWS-BSF’.

“Although we see some very sneaky social engineering tricks used by scammers and cybercriminals on occasions, designed to trick users into making unwise decisions, we also see some very basic attempts at online crime,” Graham Cluley, senior technology consultant at Sophos, wrote on the blog.

The company advised users not to click on links in emails that they receive from unknown sources.