Facebook phishing attack preys on users desiring to know profile viewers

Share this article:

Want to know who is visiting your Facebook page? You can't – and even though that point is reinforced on the social media giant's help page, it has not stopped some clever phishers from trying to trick people into thinking there is a new way of doing it.

Security software company Symantec has discovered a type of ruse that preys on Facebook users who want to do a little reverse-stalking, according to a recent blog post. The phishing attack is clever in that it goes for social media login credentials in two different ways.

The first option asks users to enter their login credentials into the faux website, which is designed to look similar to the official Facebook website. According to the post, if information is entered, the data will be sent to the attackers and users will be redirected to a legitimate Facebook page.

The tricksters encourage the second option: downloading a piece of software that is actually a trojan known as Infostealer. The incentive offered by the phishers for choosing this option is that users will also be alerted when people view their profiles.

The malware was analyzed by Symantec, according to the post, and it was noted that the two downloaded Infostealer files are added to the registry run key and executed after every reboot. A keylogger is also established to record everything that is typed.

The malware will also test for an internet connection by pinging to www.google.com. If there is, the malware will send purloined information to an email address belonging to the attacker. The email address has been invalid for three months, the post said, so while the malware is not currently sending updates to the phishers, that could change at any time.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.