Facebook’s enduring popularity means that
cybercriminals find it a tempting lure for their malicious misdeeds. A
newly-spotted phishing scam is no exception.
We came across a malware sample, which we detected as TSPY_MINOCDO.A.
Its goal is to redirect users who visit Facebook to a spoofed page
that claims to be part of the social networking website’s security
check feature, even sporting the tagline “Security checks help keep
Facebook trustworthy and free of spam”.
It does this by redirecting all traffic for facebook.com and www.facebook.com to
the system itself (using the affected machine’s HOSTS file). This
ensures that the user can never reach the legitimate Facebook pages. At
the same time, the malware monitors all browser activity and
redirects the user to the malicious site.
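
The hosts-file redirection described above can be checked for directly. The following is an added example, not code from the original article or from Trend Micro: it parses hosts-file text and flags any entry that pins the two domains named above, and its function names and sample file contents are constructed for illustration.

```python
import ipaddress

# Domains the article says are redirected through the hosts file.
WATCHED = {"facebook.com", "www.facebook.com"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def find_hijacks(text, watched=WATCHED):
    """Return every entry that pins a watched domain to an address."""
    # A public site needs no hosts entry, so each hit deserves review;
    # 'local' marks the loopback/unspecified case the article describes.
    hits = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in watched:
                local = ip.is_loopback or ip.is_unspecified
                hits.append({"line": line_no, "host": name,
                             "ip": str(ip), "local": local})
    return hits


# Constructed sample hosts-file content (not taken from the malware sample).
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1  facebook.com   www.facebook.com  # appended entry
# 127.0.0.1 www.facebook.com  (commented out, ignored)
192.0.2.10      intranet.example
"""

if __name__ == "__main__":
    for hit in find_hijacks(SAMPLE):
        print(hit)
```

On Windows the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`.
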
Users eager to log into Facebook may fall
victim to this ruse, taking the ‘security check’ at face value. This
may result in them entering their details and thus exposing their credit
card accounts to cybercriminal infiltration.
Figure 1. Fake Facebook Security Page
Figure 2. Packets sending Credit Card information to the malicious server
Upon further analysis, we also discovered
that the malware performs DNS queries to several domain names. This
means that the people behind this are prepared for a server
malfunction and have a backup to continue stealing information.
In addition, unlike other social media
attacks, which use fraudulent links, this one is an executable that runs at every
system startup. This poses a big threat to multiple users using an
affected system.
To stay safe and aware of these threats,
always keep in mind that social networking websites would never ask for
your credit card or online banking account details for verification.
Trend Micro protects you from this threat by blocking the domain hosting
this fraudulent webpage.
Source : Trend Micro Lab