Researchers at security firm Trusteer have discovered a modified version of the Ice IX malware which spoofs Facebook pages to grab credit card details and social security numbers.
They also found that the malware’s developers had released a “marketing” video to demonstrate how to use its web injection tool.
Such security incidences will be of particular concern to Facebook leading up to its initial public offering. Potential investors may be put off if the social networking giant cannot effectively clamp down on reputation-damaging malware and spam.
The new Zeus-based Ice IX configuration uses a web injection to create a fake Facebook page, on which a user is told to fill in his/her cardholder name, credit or debit card number, card identification number and card expiry date.
The spoof page reads: “In order to provide you with extra security, we occasionally need to ask for additional information. We need to verify your identity with a credit or debit card.”
Trusteer points out that in the “marketing” video, in which developers try to sell the web injection to fraudsters, the spoof may also ask for a user’s date of birth and social security number.
“This video illustrates the seamless sophistication of pre-built webinjects that are readily available for purchase on the internet,” Klein said. “It also demonstrates how accomplished criminals are at marketing their malware products.
“By attacking Facebook and other ubiquitous social networks fraudsters can tap a massive pool of victims. They can also use the information harvested from social network users to perpetuate fraud on multiple in fronts including online banking, retail, and even to penetrate enterprise and government networks.”
Think you know security? Test your knowledge with our quiz.
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…