Fake Facebook App Delivers Malware

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Symantec researchers recently came across a phishing Web site that claimed to offer a Facebook app designed to show the user who had visited his or her Facebook profile (h/t Help Net Security).

The site offered visitors two ways to access the information: either enter their Facebook login credentials, or download the supposed app. In the former case, the attackers then had the victim's Facebook login info -- and in the latter case, the file downloaded was actually malware identified by Symantec as the Infostealer Trojan.

The malware adds executable files to the registry run key, sets up a keylogger that tracks everything the victim types, checks for Internet connectivity by pinging google.com, then sends it to the attacker's e-mail address. On the site that Symantec examined, however, the e-mail address hadn't been active for three months.

Regardless, the researchers write, the lessons are clear: check the URL of the Web site when logging into your account, don't click on suspicious links in e-mail messages, don't enter personal information in a pop-up window, and use comprehensive security software.