Criminals Have Compromised Tens Of Thousands Of Facebook Accounts
Criminals have compromised tens of thousands of Facebook accounts in the past few days using malware that masquerades as a paint program for relieving stress. "Relieve Stress Paint" is available through a domain that uses Unicode representation to show up as aol.net on search engines and in emails.
The researchers' query showed the trojan was also available on a domain that was designed to appear as picc.com. The researchers suspect the malware is being promoted in spam emails.
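A defender can flag this kind of lookalike domain in mail or proxy logs by decoding punycode labels and reducing each name to the ASCII string a reader would perceive. The sketch below is an added example, not code from the researchers or the article; the function names, the small confusables table and the sample domains are constructed, and the article does not say which code points the real domains used.

```python
import unicodedata

# Constructed watchlist: the two names the article says were imitated.
WATCHLIST = {"aol.net", "picc.com"}

# Constructed, deliberately small confusables table; a production check
# would load the full Unicode TR39 confusables data instead.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0456": "i", "\u04cf": "l", "\u03bf": "o",
    "\u0131": "i", "\u0251": "a",
})

def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so the real code points are visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed label: keep the raw form
        labels.append(label)
    return ".".join(labels)

def skeleton(domain: str) -> str:
    """Reduce a name to the ASCII string a reader would perceive."""
    text = unicodedata.normalize("NFKC", domain).casefold()
    # Decompose, then drop combining marks so accented letters lose their accents.
    text = unicodedata.normalize("NFD", text)
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Mn")
    return text.translate(CONFUSABLES)

def imitated_name(domain: str):
    """Return the watchlisted name a domain imitates, or None."""
    shown = to_unicode(domain)
    if shown.isascii():
        return None  # plain ASCII: either the genuine name or unrelated
    skel = skeleton(shown)
    return skel if skel in WATCHLIST else None
```

Run it over sender and link domains as they appear on the wire (the `xn--` form) as well as in their displayed form, since both reduce to the same skeleton.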
Once installed, the malware acts as a legitimate paint program that changes colors and line size with each user click. Behind the scenes, it copies Chrome data that stores cookies and any saved passwords for previously accessed Facebook accounts. The command server's interface also compiled any payment details tied to an account, the number of friends the account had, and whether the account was used to manage a page. The interface also included a section for viewing credentials for victims' Amazon accounts. The copying of Facebook credentials is continuous: it runs each time a target opens Relieve Stress Paint and each time the computer restarts. The data is sent to a command-and-control server.
Radware researchers were able to access the command server's interface, which showed that more than 40,000 computers had been infected by the malware in recent days. In the process, tens of thousands of Facebook accounts were compromised.
The malware was designed to copy the credentials in a way that wouldn't be detected by antivirus programs. The copying process, for instance, remained active for less than one minute.
Since then, more than 6,000 more infections have occurred.