Προσοχή δεν είναι αφορά το hoax που κυκλοφορεί στο Facebook: Ένας ειδικός σε θέματα ασφαλείας της Kaspersky αποκάλυψε μια επίθεση με κακόβουλο λογισμικό, που οδήγησε στην εξαπάτηση περίπου 10.000 χρηστών του Facebook απ' όλο τον κόσμο, οι οποίοι οδηγούνταν στη «μόλυνση» των συσκευών τους. Αυτό συνέβαινε όταν οι χρήστες λάμβαναν ένα message, according to which a friend had reported them on Facebook. The "infected" devices were used to hack into Facebook accounts to spread the virus through the victim's Facebook friends and perform additional malicious activity. Countries from the South American and European regions, as well as Tunisia and Israel, were among those that received the most attacks.
Between June 24th and 27th, thousands of unsuspecting users received a message from a Facebook friend purporting to have mentioned them in a comment. In fact, the message was initiated by attackers and launched a two-stage attack. The first stage "downloaded" a Trojan onto the user's computer that installed, among other things, a malicious extension of theletterof the Chrome browser.
This led to the second phase, the takeover of the victim's account, when users logged into Facebook through the compromised browser. A successful attack gave the threat actor the ability to change them settings privacy and extract data and even more information, allowing it to spread the 'infection' through the victim's Facebook friends or undertake other malicious activities such as spamming, identity theft and creating fraudulent 'likes' and 'shares' '.
Malware has tried to protect itself by putting a blacklist on some websites, such as those belonging to security software vendors.
Kaspersky Security Network has recorded almost 10.000 "infection" attempts around the world. The countries most affected were Brazil, Poland, Peru, Colombia, Mexico, Ecuador, Greece, Portugal, Tunisia, Venezuela, Germany and Israel.
Those who use Windows computers to access Facebook were at a higher risk, and those using Windows-based phones were potentially at risk. Android and iOS handheld users were "immune", as malicious software used "libraries" that are incompatible with these operating systems.
The Trojan downloader used by the attackers is not new. It was reported about a year ago, where it used a similar "infection" process. In both cases, signs of language in malicious software appear to be Turkish-speaking threatening agencies.
Το Facebook πλέον μετριάζει αυτή την απειλή και αποκλείει τις τεχνικές που χρησιμοποιούνται για τη διάδοση κακόβουλων προγραμμάτων από «μολυσμένους» υπολογιστές. Αναφέρει ότι δεν έχει παρατηρήσει περαιτέρω προσπάθειες «μόλυνσης», ενώ η Google έχει επίσης αφαιρέσει τουλάχιστον μία από τις υπαίτιες extensions from the Chrome Web Store.
"There are two points of attack that stand out. First, the spread of the malware was extremely efficient, reaching thousands of users in just 48 hours. Second, the response from consumers and the media was almost as swift. Their reaction increased awareness of the campaign and led to immediate action and research by concerned providers." said Ido Naor, Senior Security Researcher of Kaspersky Lab's Worldwide Research and Analysis Group.
Consumers who think they may be "infected" should scan for malware on their computer or open their Chrome browser and look for unexpected extensions. If they do exist, they should be disconnected from their Facebook account, close the browser, and disconnect the network cable from their computer. Also, they should call a professional to check and remove malware.
In addition, Kaspersky Lab recommends consumers to follow some basic digital security practices:
- Install an anti-malware solution on all devices and keep your operating system software up to date.
- Avoid opening links that are in messages from people you do not know or unexpected messages from friends.
- Be attentive at all times when you are online and when you are connected to social media: if anything seems to be a little suspicious, then it might actually be.
- Apply appropriate privacy settings to social media such as Facebook.
Kaspersky Lab products detect and exclude the threat.
More information about the attack process, how to find out if you are infected, and what to do in this case is available on the site Securelist.com.