Products
Applications
Support
Company
How To Buy
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Register
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
My Communities
Communities
All Communities
Enterprise Software
Mainframe Software
Symantec Enterprise
Blogs
All Blogs
Enterprise Software
Mainframe Software
Symantec Enterprise
Events
All Events
Enterprise Software
Mainframe Software
Symantec Enterprise
Water Cooler
Groups
Enterprise Software
Mainframe Software
Symantec Enterprise
Members
Endpoint Protection
View Only
Community Home
Threads
Library
Events
Members
Back to Library
Phishers Use Malware in Fake Facebook App
1
Recommend
Oct 09, 2013 08:25 AM
Migration User
Contributor: Daniel Regalado Arias
Phishers frequently introduce bogus applications to add new flavor into their phishing baits. Let’s have a look at a new fake app that phishers are leveraging. In this particular scam, phishers were trying to steal login credentials, but their means of data theft wasn’t with the phishing bait alone. Their ploy also used malware for harvesting users’ confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site.
Figure 1:
The phishing site that spoofed the appearance of Facebook’s login page
The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options to activate the fake app. The first option was by downloading software containing the malware and the second was by entering user credentials and logging into Facebook. A message on the phishing page encouraged users to download the software that would allegedly send notifications to the user when someone visited their Facebook profile. If the download button was clicked, a file download prompt appeared. The file contained malicious content detected by Symantec as
Infostealer
. On the other hand, if user credentials were entered, the phishing site redirected to a legitimate Facebook page.
Symantec analyzed the malware and found its behavior to be as follows:
The malware consists of two executable files that both perform the same action
The files are added to the registry run key, which execute after every reboot.
The malware sets up a key logger in order to track anything that the victim types.
Then, it will check if there is internet connectivity by pinging
www.google.com
. If there is connectivity, the malware will send all information gathered to the attacker’s email address.
Symantec observed that the email address has not been valid for 3 months and hence the malware is not able to send updates to the attacker at the moment.
If users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow best practices to avoid phishing attacks:
Check the URL in the address bar when logging into your account and make sure it belongs to the website that you want to go to
Do not click on suspicious links in email messages
Do not provide any personal information when answering an email
Do not enter personal information in a pop-up page or window
Ensure that the website is encrypted with an SSL certificate by looking for the padlock image/icon, “https” or the green address bar when entering personal or financial information
Use comprehensive security software, such as Norton Internet Security or Norton 360, which protects you from phishing scams and social networking scams
Exercise caution when clicking on enticing links sent through email or posted on social networks
Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads
Tags and Keywords
Related Entries and Links
No Related Resource entered.
Copyright 2019. All rights reserved.
Powered by Higher Logic