Malware steals Facebook users’ log-in details
Trojan horse discovered by ESET used fake Facebook log-in page to steal users' credit card details through Texas HoldEm Poker accounts
Internet threat protection provider ESET has discovered a social engineering Trojan horse that has managed to steal the login credentials of more than 16,000 Facebook users by creating a fake Facebook log-in page.
The malware then linked the stolen Facebook login details with the user statistics of Texas HoldEm Poker. If the Facebook user played Texas HoldEm Poker and was one of the people whose details were stolen, their credit card details could be accessed by the cyber-criminals.
The malware was then able to increase the users' credit in the game of poker. The game has a function that allows users to replenish their chip values using real money by inputting their credit card details or using their PayPal account.
To gain the users' login credentials, an army of 800 computers was used, all infected with the Trojan and controlled by the attacker.
Texas HoldEm Poker is a legitimate and very popular Facebook application by Zynga Inc, with 35 million monthly active users.
ESET began studying the Trojan at the beginning of 2012 and ESET users were protected against it from December 2011.
"To protect against attacks relying on social engineering methods, having a good security solution is not enough, users should be attentive to any such ploys," said Róbert Lipovský, ESET Security Intelligence Team lead. "The user could recognise the fake Facebook login page if they checked the site's URL."
In the case of a user without a credit card or with a low score, the infected computer received instructions to infect the victim's Facebook profile with a link to a phishing site. This site then lured the player's Facebook friends to a website resembling the Facebook homepage, where their log-in details were also harvested by the attacker.
While analysing this botnet, ESET estimated that the attacker could gain access to a total of 16,194 login credentials.