Incident Response, Malware, TDR, Threat Management

Facebook phishing attack preys on users desiring to know profile viewers

Want to know who is visiting your Facebook page? You can't – and even though that point is reinforced on the social media giant's help page, it has not stopped some clever phishers from trying to trick people into thinking there is a new way of doing it.

Security software company Symantec has discovered a type of ruse that preys on Facebook users who want to do a little reverse-stalking, according to a recent blog post. The phishing attack is clever in that it goes for social media login credentials in two different ways.

The first option asks users to enter their login credentials into the faux website, which is designed to look similar to the official Facebook website. According to the post, if information is entered, the data will be sent to the attackers and users will be redirected to a legitimate Facebook page.

The tricksters encourage the second option: downloading a piece of software that is actually a trojan known as Infostealer. The incentive offered by the phishers for choosing this option is that users will also be alerted when people view their profiles.

The malware was analyzed by Symantec, according to the post, and it was noted that the two downloaded Infostealer files are added to the registry run key and executed after every reboot. A keylogger is also established to record everything that is typed.

The malware will also test for an internet connection by pinging to www.google.com. If there is, the malware will send purloined information to an email address belonging to the attacker. The email address has been invalid for three months, the post said, so while the malware is not currently sending updates to the phishers, that could change at any time.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.