Ignorer le contenu principal

Kaspersky Lab Exposes Facebook Phishing Attacks: 10,000 Victims in Two Days

2 juillet 2016

A Kaspersky Lab security expert has uncovered a malware attack that tricked around 10,000 Facebook users around the world into infecting their devices after receiving a message from a friend claiming to have mentioned them on Facebook

A Kaspersky Lab security expert has uncovered a malware attack that tricked around 10,000 Facebook users around the world into infecting their devices after receiving a message from a friend claiming to have mentioned them on Facebook. Compromised devices were used to hijack Facebook accounts in order to spread the infection through the victim’s own Facebook friends and to enable other malicious activity. Countries in South America, Europe, Tunisia and Israel were hardest hit.

Between the 24th and 27th June, thousands of unsuspecting consumers received a message from a Facebook friend saying they’d mentioned them in a comment. The message had in fact been initiated by attackers and unleashed a two-stage attack.  The first stage downloaded a Trojan onto the user’s computer that installed, among other things, a malicious Chrome browser extension. This enabled the second stage, the takeover of the victim’s Facebook account when they logged back into Facebook through the compromised browser. A successful attack gave the threat actor the ability to change privacy settings, extract data and more, allowing it to spread the infection through the victim’s Facebook friends or undertake other malicious activity such as spam, identity theft and generating fraudulent ‘likes’ and ‘shares’. The malware tried to protect itself by black-listing access to certain websites, such as those belonging to security software vendors. 

The Kaspersky Security Network registered just under 10,000 infection attempts worldwide.  The countries most affected were Brazil, Poland, Peru, Colombia, Mexico, Ecuador, Greece, Portugal, Tunisia, Venezuela, Germany and Israel.

2016-07-01_18-26-40.jpg

People using Windows-based computers to access Facebook were at the greatest risk, while those using Windows OS phones could possibly have been at some risk.  Users of Android and iOS mobile devices were immune since the malware used libraries which are not compatible with these mobile operating systems.

The Trojan downloader used by the attackers is not new.  It was reported on about a year ago, making use of a similar infection process.  In both the cases, language signs in the malware appear to point to Turkish-speaking threat actors.

Facebook has now mitigated this threat and is blocking techniques used to spread malware from infected computers. It says that it has not observed any further infection attempts.  Google has also removed at least one of the culprit extensions from the Chrome Web Store.

“Two aspects of this attack stand out.  Firstly, the delivery of the malware was extremely efficient, reaching thousands of users in only 48 hours. Secondly, the response from consumers and the media was almost as fast. Their reaction raised awareness of the campaign and drove prompt action and investigation by the providers concerned,”said Ido Naor, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

Consumers who think that they may have been infected should run a malware scan on their computer or open their Chrome browser and look for unexpected extensions.  If these are present they should log out of their Facebook account, close the browser and disconnect the network cable from their computer. Get a professional to check for and clean away the malware.

In addition, Kaspersky Lab advises all consumers to follow some basic cyber-safety practices:

  • Install an antimalware solution on all devices and keep OS software up-to-date.
  • Avoid clicking on links in messages from people you don’t know, or in unexpected messages from friends.
  • Exercise caution at all times when online and on social media networks: if something looks even slightly suspicious, it probably is.
  • Implement appropriate privacy settings on social media networks such as Facebook.

Kaspersky Lab products detect and block the threat.

Read more about the attack process and how to find out whether you’ve been infected and what to do if you have in Facebook Malware: Tag Me if You Can at Securelist.com.  

Kaspersky Lab Exposes Facebook Phishing Attacks: 10,000 Victims in Two Days

A Kaspersky Lab security expert has uncovered a malware attack that tricked around 10,000 Facebook users around the world into infecting their devices after receiving a message from a friend claiming to have mentioned them on Facebook
Kaspersky logo

À propos de Kaspersky

Kaspersky est une entreprise mondiale de cybersécurité et de confidentialité numérique fondée en 1997. Avec plus d’un milliard d’appareils protégés à ce jour contre les cybermenaces émergentes et les attaques ciblées, l’expertise de Kaspersky en matière de sécurité et de veille sur les menaces prend la forme de solutions et services innovants améliorées en continu et visant à protéger les entreprises, les infrastructures critiques, les gouvernements et les consommateurs du monde entier. Le portefeuille de sécurité complet de l’entreprise comprend une protection de pointe des terminaux, des produits et services de sécurité spécialisés, ainsi que des solutions de cyberimmunité pour lutter contre les menaces numériques sophistiquées qui ne cessent d’évoluer. Nous aidons plus de 200 000 entreprises clientes à protéger ce qui compte le plus pour elles. Plus d'informations sur : www.kaspersky.fr.

Articles connexes Communiqués de presse