malware and building botnet army to steal money direct from your keyboards.
Janne Ahlberg, a security professional from Finland found and analysed an interesting piece of malicious code, offered as browser plugin, and infecting system to steal passwords from user's browser and also modifies the original Pinterest Pins links to spam with malicious links automatically.
A diet spam on Pinterest redirecting users to a malicious site with domain name pinteresf.org, plausible-looking domain name, like original Pinterest with similar appearance. On page load, it triggers a pop up message to all incoming visitors, offering to download “Pinterest Tool” as shown in screenshots “To continue, install our Pinterest Tool and enjoy more features of our site.”
Janne's investigation claims that, this fake site offering a fake malware loaded browser plugin, harvesting passwords from users system.
F-Secure Antivirus firm also detected it as “Trojan.PWS.ZAQ“. Similar malicious Pinterest plugin was first time spotted in 2012.analyzed the plugin and found that malware is modifying the original Pinterest Pins made my user and inserting malicious links to do spam. This malware gets the website specific payload from a remote server. Currently it seems to be limited to Pinterest, but estimated thousands of users are already infected.
Update: Janne blogged that server IP addresses 220.127.116.11 , 18.104.22.168, 22.214.171.124 related to pinteresf.org spam are currently offline after public disclosure.
About the author