A singular Facebook Trojan has already infected nearly 110,000 Facebook users


A security researcher is investigating a new strain of Facebook Trojan that in just two days has already infected 110,000 Facebook users.

Social networks represent a privileged attack vector for malware-based attacks. A recent investigation conducted by the security researcher Mohammad Faghani revealed the existence of a Trojan circulating among Facebook users. According to the researcher, the Trojan has already infected nearly 110,000 Facebook users in two days by spreading itself through a malicious link.

Faghani explained that the Facebook Trojan spreads itself by posting links to a pornographic video from the accounts of unwitting victims who have already been infected.

The Trojan tags the infected user’s friends in an enticing post. When a tagged user opens the post, they see a preview of a porn video, which eventually stops and asks them to download a (fake) Flash Player to continue the preview. The bogus application is the downloader of the Facebook Trojan.

Faghani is still investigating this Facebook Trojan and will provide further details via Full Disclosure in the coming weeks.

The MD5 of the executable file (fake flash player): cdcc132fad2e819e7ab94e5e564e8968

The SHA1 of the executable file (fake flash player): b836facdde6c866db5ad3f582c86a7f99db09784

The fake flash file drops the following executables as it runs:

  • chromium.exe
  • wget.exe
  • arsiv.exe
  • verclsid.exe
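
The indicators above can be turned into a simple host sweep. The following is an added example, not code from the researcher or from Security Affairs; the function names are this example's own. It separates a content hash match (strong evidence) from a file name match (weak evidence, since wget.exe is a common legitimate tool and verclsid.exe is also the name of a Windows system binary).

```python
import hashlib
import sys
from pathlib import Path

# Indicators quoted in the article.
FAKE_FLASH_MD5 = {"cdcc132fad2e819e7ab94e5e564e8968"}
FAKE_FLASH_SHA1 = {"b836facdde6c866db5ad3f582c86a7f99db09784"}
# Names the fake player drops. Weak indicators on their own: wget.exe is a
# common legitimate tool and verclsid.exe is also a Windows system binary name.
DROPPED_NAMES = {"chromium.exe", "wget.exe", "arsiv.exe", "verclsid.exe"}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha1) hex digests, reading in chunks to bound memory."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def sweep(root, md5s=FAKE_FLASH_MD5, sha1s=FAKE_FLASH_SHA1, names=DROPPED_NAMES):
    """Walk root and return sorted (path, verdict) pairs.

    "hash-match" means the content equals a listed sample (strong);
    "name-only" means only the file name matches (needs manual triage).
    """
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            md5, sha1 = file_digests(path)
        except OSError:
            # Locked or unreadable file: report it rather than skip silently.
            findings.append((str(path), "unreadable"))
            continue
        if md5 in md5s or sha1 in sha1s:
            findings.append((str(path), "hash-match"))
        elif path.name.lower() in names:
            findings.append((str(path), "name-only"))
    return findings


if __name__ == "__main__":
    for found, verdict in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:10} {found}")
```

A "name-only" hit should be triaged by location and signature before any action is taken; a "hash-match" identifies the fake Flash Player sample itself.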

Pierluigi Paganini

(Security Affairs – Facebook Trojan, social network)