A new Facebook Malware in the form of a Trojan is infecting hundreds of thousands of Facebook ...
A new Facebook Malware in the form of a Trojan is infecting hundreds of thousands of Facebook users in only two days.
This trojan is slightly different from previos social network related Malware. For example, the previous trojans sent messages (on behalf of the victim) to the victim’s friends. When the friends were infected, the malware could go one step further and infect the friends of the initial victim’s friends.
In the new technique, which has been coined by Seclists as “Magnet”, the malware gets more visibility to the potential victims as it tags the friends of the victim in a the malicious post. In this case, the tag may be seen by friends of the victim’s friends as well, which leads to a larger number of potential victims. Thus speeding up malware propagation.
There is an temporary solution for identifying the Malware from Seclist, this information might come in handy:
The MD5 of the executable file (fake flash player):
The SHA1 of the executable file (fake flash player)
The fake flash file drops the following executables as it runs:
chromium.exe, wget.exe, arsiv.exe, verclsid.exe.
The malware is able to hijack keyboard and mouse movement from an initial investiagation from Seclist.