Malware steals Facebook users’ log-in details

Trojan horse discovered by ESET used fake Facebook log-in page to steal users credit card details through Texas HoldEm Poker accounts

Tags: Cyber crimeESET Middle East (Adaox Ltd)MalwareUnited Arab Emirates
  • E-Mail
Malware steals Facebook users’ log-in details Internet protection provider ESET has discovered a trojan that has stolen Facebook users' log-in details.
By  Georgina Enzer Published  January 30, 2013

Internet threat protection provider ESET, has discovered a social engineering trojan horse, which has managed to steal the login credentials of more than 16,000 Facebook users by creating a fake Facebook log-in page.

The malware then linked the stolen Facebook login details with the user statistics of Texas HoldEm Poker. If the Facebook user played Texas HoldEm Poker and was one of the people whose details were stolen, their credit card details could be accessed by the cyber-criminals.

The malware was then able to increase the users' credit in the game of poker. The game has a functionality that allowed users to replenish their chip values using real money by inputting the credit card details or using their PayPal account.

To gain the user's login credentials, an army of 800 of computers were used - all infected with the Trojan and controlled by the attacker.

Texas HoldEm Poker is a legitimate and very popular Facebook application by Zynga Inc and the application has a monthly share of 35 million active users.

ESET began studying the Trojan at the beginning of 2012 and ESET users were protected against it from December 2011.

"To protect against attacks relying on social engineering methods, having a good security solution is not enough, users should be attentive to any such ploys," said Róbert Lipovský, ESET Security Intelligence Team lead. "The user could recognise the fake Facebook login page if they checked the site's URL."

In case of a user without a credit card or low score, the infected computer received instructions to infect the victim's Facebook profile with a link to a phishing site. This site then lured the player's Facebook friends to a website resembling the Facebook homepage, where their log-in details were also harvested by the attacker.

While analysing this botnet ESET estimated that the attacker could gain access to a total of 16,194 login credentials.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code