Malware Campaign Targets Facebook

Malware Campaign Targets Facebook

A fresh malware attack targeted specifically at businesses and consumers who use Facebook has been devised, making use of social engineering and phishing.

The Comodo Threat Research Lab team has found that the Facebook malware tries to represent itself as an email from Facebook which states there is a new message for the recipient. The email address and sender’s name tries to brand itself as Facebook, but the sender’s email address is from different domains and not in any way related with the Facebook company.

The subjects of the emails are pretty straightforward: A brief vocal e-mail was delivered; an audio announcement has been delivered!; an audible warning has been missed; you got a vocal memo!; you recently missed a short audible notice; and Ein Videohinweis wurde vermisst! (German for “a video note was missed”).

“In this age of cyber attacks, being exposed to phishing is a destiny for every company, well-known or not. It may not be the most groundbreaking attack method cyber-criminals use—but there’s no denying that cyber-criminals are becoming more clever when crafting their messages,” said Fatih Orhan, director of technology for Comodo and the Comodo Threat Research Lab, in a blog. “More frequently, they’re using well-known applications or social platforms and also action-oriented language in the subject lines to entice recipients to open the emails, click the links or attachments and spread the malware.”

Each subject line ends with a set of random characters like ‘sele’ or ‘Yqr’.  These are most likely being used to bypass antispam products. And the malware in the email itself is in a .zip file, sent as an attachment. Inside the zip file there is an executable file containing a variant of the Nivdort malware family.

Nivdort is identified as a trojan that interferes with internet connections and prevents the user from accessing websites. It also distributes a large number of malicious files throughout a victim’s hard drive, which can be used to exploit the user's computer to install ransomware applications and other remote controlled malware.

The initiative is very similar to a campaign that targeted WhatsApp users earlier in the month. As part of a random phishing campaign, cyber-criminals were sending fake emails representing the information as official WhatsApp content to spread malware when victims clicked on the attached “message.” The Facebook effort was most likely designed by the same perpetrators.

“Users should be cautious of any email that requires information or that redirects to a URL web page— and especially if there is a file download,” said Orhan.

Photo © dolphin/

Source: Information Security Magazine