Trusteer researchers released the details of a sophisticated new malware attack targeting Facebook users. The goal of the Ice IX malware scheme is to steal credit card information and personal account information. This is accomplished by using a web injection cycle to display a malicious web page in the victim’s browser.
The form asks for the cardholder name, credit card number, expiration date, CID and billing address. Users are told the form must be completed to verify their identity and to further secure their Facebook account. Once a user falls for the scheme, the form data is delivered to the malware authors using an instant messaging script. This is especially dangerous since it allows for immediate account access.
Check out their blog post to see an example of the rogue form in action and to see a walkthrough of a marketing video discovered in underground forums. The scammers use this video to showcase how web injection attacks are perpetrated. According to Amit Klein, the video:
- “illustrates the seamless sophistication of pre-built webinjects that are readily available for purchase on the Internet.”
- demonstrates the sophisticated marketing techniques cyber criminals use to sell malware delivery products.
- highlights how scammers are moving away from online banking schemes to target the large pool of social networking users.
Trusteer contacted Facebook regarding the attack and Facebook requested they pass on the following information:
- Facebook actively detects known malware on users’ devices to provide Facebook users with a self-remediation procedure including the Scan-And-Repair malware scan. To self-enroll in this checkpoint, please visit on.fb.me/AVCheckpoint
- Please advise your readers to report to Facebook any spam they find on the Facebook site, and remember Facebook will never ask for your credit card, social security, or any other sensitive information other than your username and password while logging in.