Tuesday, January 29 10:20:12
Irish Web security firm ESET said it has discovered a social engineering trojan horse that has managed to steal the login credentials of more than 16,000 Facebook users.
The malware focused on stealing personal Facebook (FB) login details and linking them with the user's statistics in Texas HoldEm Poker, if the victim played the game.
ESET's detection stats showed that the threat was mainly spreading in Israel. The targeted application is a legitimate and very popular FB application by Zynga Inc. According to AppData, the application has a monthly share of 35 million active users, ESET said.
As the detection stats showed that the threat was disseminated primarily in Israel, ESET contacted the Israeli CERT (Computer Emergency Response Team) as well as the Israeli police in early 2012. During the investigation we could not provide any details about this threat publicly, and at present this threat has been deactivated.
The attacker used the malware to obtain the user's FB login credentials, his/her score in the game, and information on the number of credit cards stored in his/her Facebook settings and available to increase the credit in the poker game. The game had a function that allowed the player to replenish chips with real money by entering credit card details or a PayPal account. To obtain users' login credentials, an army of 800 computers was used, all infected and controlled by the attacker. These machines executed commands from the C&C (Command and Control) server. The creator of the threat launched the attack using the login credentials of several FB accounts, which had been obtained ahead of time.
To protect against attacks that rely on social engineering, having a good security solution is not enough; users should also be alert to such ploys. A user could recognise the fake FB login page by checking the site's URL.