Facebook Valentine’s Day Theme Leads to Trojan attack

Trend Micro researchers spotted a new Facebook scam that claims it provides Valentine’s Day Theme for your profile.
The scam message will be posted on affected facebook users’ wall inviting other users to install a Valentine’s theme into their Facebook profile.
Facebook users who fall for this scam message and click the link post will be taken to another page that displays a “Install ” button.  Once user click the install button, it will download the file called “FacebookChrome.crx” , it is identified as TROJ_FOOKBACE.A by Trend Micro.

When executed, the trojan displays ads from certain websites, also installs itself on the on the users’ browsers as an extension named Facebook Improvement.Once the extension is installed, it will redirect you to a survey page based on our browsing activities, the survey page may ask your personal details for further spamming attack.

“But while there may be browser activity monitoring involved, TROJ_FOOKBACE.A does not seem to have any information theft techniques. It fits the criteria of a clickjacking attack more, where it automatically ‘likes’ several Facebook pages as well as automatically posts a message on the affected user’s wall.” reads Trend Micro Post.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s