We never tire of repeating, social networks are an ideal conduit, due their large diffusion, for the spread of malware, they are used by cybercrime to realize complex fraud schema and by military to conduct offensive operations or cyber espionage campaigns. ESET Security Research has published an interesting analysis on the ‘PokerAgent’ botnet detected during 2012 that hit Facebook users stealing log-on credentials and collecting information on credit card details linked to the Facebook account and Zynga Poker player stats.
The botnet infected computers all around the world, mainly located in Israel stealing over 16194 Facebook credentials.
“Our tracking of the botnet revealed that at least 800 computers have been infected with the Trojan and that theattacker had at least 16194 unique entries in his database of stolen Facebook credentials by March 20, 2012”
It adopted a consolidated schema providing a link to the victims would lead to a compromised webpage, the pages featured tabloid topics which a user could be curious to click on. Users are anyway redirected to a fake Facebook login page used to collect user’s credentials.
Very interesting the logic implemented in malware code that uses a funcion dubbed ShouldPublish to determine whether the phishing links should be posted to the user’s wall depending on whether the victim has any credit cards linked to his account and his Zynga Poker ranking.
The ESET researchers noted that the malware does not log into or in any way interfere with the Facebook account of the victim, the tasks given to bots are not carried out from the attacker’s computer.
Having said that, the aforementioned facts lead us to the conclusion that the purpose of the botnet is to:
Probably attacker are interested to collect credit card information ro successively sell the database to other criminals.
The ‘PokerAgent’ isn’t the unique malware-based attack that exploits social media, to avoid to be victim of similar fraud it is suggested to use updated defense system and to take proper conduct in the use of social networks.
Fortunately principal social media platform are implementing a series of countermeasure to mitigate cyber threats such as two-factor authentication to prevent the infected bots from logging into the victim Facebook accounts.
Pierluigi Paganini
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…
Signal implements new screen security on Windows 11, blocking screenshots by default to protect user…
Microsoft found 394,000 Windows systems talking to Lumma stealer controllers, a victim pool that included…
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing…
Cellcom, a regional wireless carrier based in Wisconsin (US), announced that a cyberattack is the…
This website uses cookies.