Cyber scammers have recently launched a new attack campaign to expand the Asprox network of infected computers, relying on spoofed emails that lead to malicious sites, also known as phishing emails.
Fraudsters use a message that purports to come from Facebook as a decoy, informing the recipient that their password for the social network's website has been changed.
To make the message more believable, the cybercriminals include original Facebook graphics in the email, and even a brief report on the suspicious activity that triggered the password change mechanism.
The report, signed by “The Facebook Security Team”, claims that an unidentified person used the Opera browser on an Android device to access Facebook without the account holder's permission. It also provides a fake IP address and an estimate of the geographic location from which this attempt was allegedly made.
Any geoIP lookup tool shows that the location given in the email does not match the IP address. However, an ordinary user is unlikely to notice these signs immediately.
As part of this trap, the victim is offered a way to change the password through a link that is supposed to lead to a form asking them to fill in their details to complete the process.
Instead, a file with an executable script is downloaded to the victim's computer. Asprox, also known as Kuluoz, was discovered in 2008 and is used by cyber scammers for a variety of activities.