Account-hijacking Trojan spreads via Facebook messages
Posted on 12.03.2014
Private messages delivering what seems to be an image are spreading like wildfire on Facebook, as the file in question triggers the download of a Trojan that compromises the victims' computer and Facebook account to spread the malware further.

The infection chain starts like this: the victim sees the message from a friend that simply states "LOL" and includes the "image":

Unfortunately, the ZIP file in question contains a Java JAR file of the same name that, when run, downloads the actual malware from a remote Dropbox account.

The two aforementioned files are not malicious per se, but the third one is - it's a Trojan that injects itself into legitimate processes currently running on the victimsí system.

According to Malwarebytes' Adam Kujawa, it's still unkown what the Trojan does except compromise the victims' Facebook account, but if we go by the results on VirusTotal, it could be a variant of the infamous Zusy banking Trojan.

"The origin of the threat is also currently under investigation however some of the text found within the Java file leads us to believe it was developed by someone who speaks Greek," noted Kujawa.

Users are advised not to open automatically similar files received from Facebook friends, but to ask them first if they were the ones who sent it.

"If they donít respond or they say ĎI dunno, I didnít send thatí then go ahead and suggest your friend run an AV scan and change their Facebook passwords, in that order," he advises.

The malware affects only computers running Windows, so if you accessed your Facebook account and tried to open the file via your mobile phone or Mac, you're in the clear.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th