A recently uncovered malware attack targeting Facebook users has claimed nearly 10,000 victims in just under two days, with countries in South America and Europe among the hardest hit.
Between 24 and 27 June, thousands of Facebook users were targeted by phishing messages purporting to come from a “friend”, claiming to have mentioned the targeted users on Facebook. However, the message had in fact been initiated by attackers instigating a two-stage attack.
The malware was uncovered by a security researcher at Kaspersky Lab, pointing to a two-stage malware that includes a Trojan.
The first stage sees the Trojan downloaded onto a target’s computer, along with a malicious Chrome browser extension among other harmful malware. The second, sees the extension and the Trojan enabled, thereby taking over the target’s Facebook account after the victim logs into the social network using the compromised Chrome browser.
The two day phishing spree was observed by Kaspersky, who noted nearly 10,000 infection attempts around the world. The countries most affected, by order of malware distribution from highest were Brazil, Poland, Peru, Colombia, Mexico, Ecuador, Greece, Portugal, Tunisia, Venezuela, Germany and Israel.
Notably, Windows-based Facebook users were at the highest risk, along with some using Windows OS phones. However, Android and iOS users were immune as the malware used incompatible libraries.
Compromising your Facebook Account
An attack, when successful, gave the attacker comprehensive control over a user’s Facebook account. An attacker gained the means to change privacy settings, steal data and even spread the infection to the victim’s Facebook friends. To safeguard itself, the malware also attempted to black-list access to certain websites through the browser, including the ones belonging to cybersecurity firms.
Ido Naor, a senior security researcher at Kaspersky Lab stated in a blog:
Two aspects of this attack stand out. Firstly, the delivery of the malware was extremely efficient, reaching thousands of users in only 48 hours.
Secondly, the response from consumers and the media was almost as fast. Their reaction raised awareness of the campaign and drove prompt action and investigation by the providers concerned.
For its part, Facebook has mitigated the threat and is employing effective blocking methods to curb the spread of the malware from infected computers. Furthermore, Google has removed a malicious extension from the Chrome store.
Users are advised to check their Chrome browser to look for rogue, unknown extensions.