Symantec researchers Avdhoot Patil and Daniel Regalado Arias reported uncovering the scam in a public blog post, warning the criminals are using the site to mount a two-pronged attack against their victims.
"The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options to activate the fake app. The first option was by downloading software containing the malware and the second was by entering user credentials and logging into Facebook," read the post.
"A message on the phishing page encouraged users to download the software that would allegedly send notifications to the user when someone visited their Facebook profile. If the download button was clicked, a file download prompt appeared. The file contained malicious content detected by Symantec as Infostealer. On the other hand, if user credentials were entered, the phishing site redirected to a legitimate Facebook page."
The researchers highlighted the use of the malware as particularly troubling as it has the potential to grant the criminals several espionage and data theft powers.
"Symantec analyzed the malware and found its behavior to be as follows: The malware consists of two executable files that both perform the same action. The files are added to the registry run key, which execute after every reboot. The malware sets up a keylogger in order to track anything that the victim types," read the post.
"Then, it will check if there is internet connectivity by pinging www.google.com. If there is connectivity, the malware will send all information gathered to the attacker's email address. Symantec observed that the email address has not been valid for three months and hence the malware is not able to send updates to the attacker at the moment."
Phishing attacks have been a growing problem facing UK Industry. Prior to the new attack's discovery Kaspersky Lab reported the number of phishing messages hitting UK web users has tripled over the last year, with crooks targeting an average of 3,000 Brits every day.
The sophistication of the attacks is also believed to be growing with criminals constantly creating new inventive ways to spread malware. Earlier in the year Sophos researchers reported uncovering a new phishing message loaded with a malicious Google Doc targeting Gmail users.
No comments:
Post a Comment