If you came across any suspicious Facebook message with 'LOL' text or a fake Image file send by any of your Facebook friend, avoid clicking it. A Trojan horse is currently circulating in wild through the Facebook social network that could steal your Facebook account data and Credentials.
Security researchers spotted this malware campaign first in the beginning of March this year, where the Trojan spreads itself through the Facebook's Messenger service (inbox) by messaging a victim pretending to be one of their friends saying "LOL" with a zip file attached, which appears to be a photo, named "IMG_xxxx.zip".
In Past two weeks, many of our readers informed us that they received similar ZIP files from their trusted Facebook friends. The Hacker News team also noticed that despite after several warnings in media, once again the malware campaign just goes viral like any other video scam, but this time directly through users' inbox-to-inbox.
HOW DOES TROJAN CAMPAIGN SPREADS
- Facebook User receives a file directly into the inbox from one of the trusted friends, appears to be a photo, named 'IMG_xxxx.zip' with messages 'LOL', OMG,"Have a look at this" ,"I can't believe someone posted this"
- The User downloads the file, assuming it to be from trusted friend and unzip it on desktop.
- The Zip file contains a jar file called 'IMG_xxxx.jar' which executes when the user click it.
- The Jar file itself is not a virus, but a malware agent, which actually download a file remotely from a pre-defined Dropbox account (as shown in the code).
- Once downloaded, it installs the malware as a service on the victim's system.
- Then it spread itself further to his Facebook Friends by sending similar malicious message automatically in the background.
To evade detection, the malware injects itself into legitimate processes currently running on the victims' system. This way the malware campaign is spreading like a chain reaction rapidly from last few weeks.
ARE YOU AFFECTED?
To check if you have fall a victim to this attack and have opened any such file sent by your trusted friend, scan your whole system using a reputed antivirus solution and just to be on a safer side change your Facebook account password.
Researchers found the malware as a variant of the Zusy Trojan, which operates by hooking into web browsers in order to steal credit card number or password and send it to the remote malware author.
HOW TO PROTECT?
Before opening any such file, ask the sender if the file is prior to download or not. If they deny, Simply DO NOT DOWNLOAD it.
Cyber criminals have discovered yet another method to utilize the world's most popular social networks for their own beneficial purposes, and because Facebook has become one of the most popular social networking website with more than one billion active users this year, it serves as a vast platform for scammers and cyber criminals to spread malware or virus infections. So, protect yourself from the threats - Stay Tuned to 'The Hacker News'.
