Beware it's not about the hoax circulating on Facebook: A subject matter expert security της Kaspersky αποκάλυψε μια επίθεση με κακόβουλο λογισμικό, που οδήγησε στην εξαπάτηση περίπου 10.000 χρηστών του Facebook απ' όλο τον κόσμο, οι οποίοι οδηγούνταν στη «μόλυνση» των συσκευών τους. Αυτό συνέβαινε όταν οι χρήστες λάμβαναν ένα μήνυμα, σύμφωνα με το οποίο, ένας φίλος τους είχε αναφέρει στο Facebook. Οι συσκευές που «μολύνθηκαν», χρησιμοποιήθηκαν για την παραβίαση λογαριασμών στο Facebook, ώστε να εξαπλωθεί ο ιός μέσω των φίλων του θύματος στο Facebook και να πραγματοποιηθεί επιπλέον κακόβουλη δραστηριότητα. Χώρες από τις περιοχές της Νοτίου Αμερικής και της Ευρώπης, καθώς η Τυνησία και το Ισραήλ ήταν ανάμεσα σε αυτές που δέχτηκαν τις περισσότερες επιθέσεις.
Between 24 and 27 June, thousands of unsuspecting users received a message from a friend on Facebook, allegedly reported in a comment. In fact, the message was launched by attackers and launched a two-stage attack. The first stage downloaded a Trojan into the user's computer that installed, among other things, a malicious extension of the Chrome browser.
This led to the second phase, the takeover of the victim's account, when users logged into Facebook through the compromised browser. A successful attack gave the threat actor the ability to change privacy settings and extract data and even more information, allowing it to spread the "infection" through the victim's Facebook friends or undertake other malicious activities such as spamming, the theft ID cardand the creation of fraudulent 'like' and 'share'.
Malware has tried to protect itself by putting a blacklist on some websites, such as those belonging to security software vendors.
Kaspersky Security Network has recorded almost 10.000 "infection" attempts around the world. The countries most affected were Brazil, Poland, Peru, Colombia, Mexico, Ecuador, Greece, Portugal, Tunisia, Venezuela, Germany and Israel.
Those using Windows computers to access Facebook were at greater risk, while those using phones with functional Windows may have been compromised. Users of Android and iOS mobile devices were “immune” as the malware used “libraries” which are not compatible with these operating systems.
The Trojan downloader used by the attackers is not new. It was reported about a year ago, where it used a similar "infection" process. In both cases, signs of language in malicious software appear to be Turkish-speaking threatening agencies.
Facebook is now mitigating this threat and blocking the techniques used to spread malware from "infected" computers. He states that he has not observed any further "contamination" attempts, while the Google has also removed at least one of the offending extensions from the Chrome Web Store.
"Two are the points of the attack that stand out. First, spreading malware was extremely effective, reaching thousands of users in just 48 hours. Secondly, the response from consumers and the media was almost as fast. Their reaction has increased awareness of the campaign and has led to immediate action and research by the providers concerned, δήλωσε ο Ido Naor, Senior Security Researcher της Παγκόσμιας Ομάδας Έρευνας και Ανάλυσης της Kaspersky Lab.
Consumers who think they may be "infected" should scan for malware on their computer or open their Chrome browser and look for unexpected extensions. If they do exist, they should be disconnected from their Facebook account, close the browser, and disconnect the network cable from their computer. Also, they should call a professional to check and remove malware.
In addition, Kaspersky Lab recommends consumers to follow some basic digital security practices:
- Install an anti-malware solution on all devices and keep your operating system software up to date.
- Avoid opening links that are in messages from people you do not know or unexpected messages from friends.
- Be attentive at all times when you are online and when you are connected to social media: if anything seems to be a little suspicious, then it might actually be.
- Apply appropriate privacy settings to social media such as Facebook.
Kaspersky Lab products detect and exclude the threat.
More information about the attack process, how to find out if you are infected, and what to do in this case is available on the site Securelist.com.
