Security Threats through Social Networking Sites

Social networking sites such as Facebook and Twitter have become increasingly popular, but so have security issues specific to these sites.

In the last year or so, we have seen many attacks on social networking sites aimed at harvesting login credentials. Today, malware is written exclusively to target social networking sites.

Security software vendor BitDefender is warning Facebook users to be on the lookout for a new malware variant that can easily snag login and password credentials to the popular social networking site, as well as those to any number of banking or online accounts. It’s called Facebook Hacker and it’s just the latest in a line of do-it-yourself malware kits that purport to make even the most amateur of hackers an instant expert in Facebook phishing.

According to an entry on BitDefender’s MalwareCity blog, the kit can be purchased online and is “intuitive” and easy to configure, requiring only a disposable email account and a password.

Beyond snatching and distributing users’ Facebook credentials, the Trojan delivered via the kit, which BitDefender has identified as Trojan.Generic.3576478, will also get its hands on any other credentials for other sites — banking, enterprise VPNs, etc. — and send those to the dummy email account established by the hacker.

“Once run, the malicious tool will snatch the victim’s Facebook account’s credentials, along with all the usernames and passwords that we carelessly ask the browser to remember for us … because Facebook Hacker also targets the Internet browser and instant messaging clients to pick up the entire list of ‘remembered’ identification data,” BitDefender’s Loredana Botezatu wrote in the blog entry.

DIY malware kits have become such a plague on the Internet that the FBI and other international authorities have made it a priority to track down and arrest those responsible for selling the kits, which range in price from a few hundred dollars to a few thousand dollars apiece.

Security software vendors recommend that enterprises and consumers make sure they’ve installed a regularly updated antivirus application on all PCs and mobile devices, and that they not run files received as attachments or via instant messaging until those files have been scanned. However, in the case of the new Trojan.Generic.3576478, the malware includes a list of antivirus and networking products that it can block or terminate if found running on the intended victim’s PC or mobile device.

Link to the story at https://www.esecurityplanet.com/news/article.php/3899281/DIY-Facebook-Malware-Kit-Digs-for-Login-Credentials.htm