The Hacker News
Social networking sites are unfortunately now of major interest to cyber criminals, who spread malware and build botnet armies to steal money directly from your keyboards.

Janne Ahlberg, a security professional from Finland, found and analysed an interesting piece of malicious code offered as a browser plugin. It infects the system to steal passwords from the user's browser and also automatically modifies the original Pinterest Pin links to spam malicious links.

A diet spam campaign on Pinterest redirects users to a malicious site with a plausible-looking domain name and an appearance similar to the original Pinterest. On page load, it triggers a pop-up message to all incoming visitors, offering a download of a "Pinterest Tool", as shown in screenshots: "To continue, install our Pinterest Tool and enjoy more features of our site."

Janne's investigation claims that this fake site offers a fake, malware-loaded browser plugin that harvests passwords from users' systems.

Antivirus firm F-Secure also detected it as "Trojan.PWS.ZAQ". A similar malicious Pinterest plugin was first spotted in 2012.

Another researcher, Chrisjwilson, has also analyzed the plugin and found that the malware modifies the original Pinterest Pins made by the user and inserts malicious links to spread spam. The malware gets its website-specific payload from a remote server. Currently it seems to be limited to Pinterest, but an estimated thousands of users are already infected.

Update: Janne blogged that the server IP addresses related to the spam are currently offline after public disclosure.