A new credential-stealing trojan is making the rounds and is spreading through Facebook and Yahoo’s instant messaging features.

Researchers at Bitdefender discovered the malware and have indicated that a wave of infections have hit various countries including the UK, Germany, Denmark, France, Romania, Canada, and the U.S., according to a release by the anti-virus provider.

Dubbed Gen:Variant.Downloader.167, the malware surfaces as a message on Facebook instant messaging or Yahoo Messenger that politely asks “I want to post these pictures on Facebook, do you think it’s OK?” The message is accompanied by a malicious Dropbox or Fileswap URL that if selected executes the malware and creates a folder with a random name and an “.exe” extension.

In addition to stealing usernames and passwords, attackers can have the trojan download additional malware through orders sent from command and control servers.