Account-hijacking Trojan spreads via Facebook messages
Posted on 12.03.2014
Private messages delivering what seems to be an image are spreading like wildfire on Facebook, as the file in question triggers the download of a Trojan that compromises the victims' computer and Facebook account to spread the malware further.

The infection chain starts like this: the victim sees the message from a friend that simply states "LOL" and includes the "image":

Unfortunately, the ZIP file in question contains a Java JAR file of the same name that, when run, downloads the actual malware from a remote Dropbox account.

The two aforementioned files are not malicious per se, but the third one is - it's a Trojan that injects itself into legitimate processes currently running on the victims’ system.

According to Malwarebytes' Adam Kujawa, it's still unkown what the Trojan does except compromise the victims' Facebook account, but if we go by the results on VirusTotal, it could be a variant of the infamous Zusy banking Trojan.

"The origin of the threat is also currently under investigation however some of the text found within the Java file leads us to believe it was developed by someone who speaks Greek," noted Kujawa.

Users are advised not to open automatically similar files received from Facebook friends, but to ask them first if they were the ones who sent it.

"If they don’t respond or they say ‘I dunno, I didn’t send that’ then go ahead and suggest your friend run an AV scan and change their Facebook passwords, in that order," he advises.

The malware affects only computers running Windows, so if you accessed your Facebook account and tried to open the file via your mobile phone or Mac, you're in the clear.


The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Nov 26th