A Trojan that specifically harvested Facebook login credentials managed to steal more than 16,000 credentials.
According to Eset, Facebook users specifically in Israel were targeted. Once the details were collected, the attacker programmed the Trojan to log into Facebook accounts and collect information on Zynga Poker stats and the number of payment methods saved in the Facebook account, as well as the amount of credit cards stored in their Facebook account.
In the case of a user without a credit card or with a low score, the infected computer received instructions to infect the victim's profile with a link to a phishing site that lured the player's friends to a website resembling the Facebook home page where login credentials were harvested again.
Róbert Lipovský, Eset security intelligence team lead, said: “To protect against attacks relying on social engineering methods, having a good security solution is not enough, users should be attentive to any such ploys. The user could recognise the fake Facebook login page if he/she would check the site's URL.”
Eset said that unlike other Trojans it often sees spreading through Facebook, this Trojan does not log into or in any way interfere with the Facebook account of the user that is infected. Instead, the botnet serves rather as a proxy, so that the illegal activities are not carried out from the perpetrator's computer.