First found making the rounds in Brazil where the threat is detected by Microsoft and identified as Trojan: JS / Febipos.A. Its almost similar to plugins in other browsers keep himself diperbahrui every time malware has new instructions from its author.
The trojan will check if the current user is logged-in to Facebook. If you are, it attempts to download a configuration file that contains a list of commands. Depending on the file, Microsoft has found the malware is capable of doing any of the following with the user’s Facebook profile: Like a page, share content, post on people’s profiles, comment on other posts, join a group, invite friends to a group, and chat with friends.
Microsoft monitored a Facebook Page that the plugin often posted on and noticed that its Likes and comments increased, suggesting that users are actively installing these plugins. This shows that there is a possibility that the malware author wants users to install their plugins to use it as a tool for social networking engineering tactics used in email and social networking spam.
Results of analysis of Microsoft : There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time. In any case, we recommend you always keep your security products updated with the latest definitions to help avoid infection.
In other words, while the threat seems to be currently focused on targeting Facebook users in Brazil (its messages are all written in Brazilian Portuguese), it’s easy to see how the threat could be modified to target more users. The fact that it uses a configuration file shows that the criminals specifically designed it to be modular.
The good news here is that this malware currently isn’t widespread. Nevertheless, you should make a point to only install browser extensions and add-ons from trusted sources such as the Chrome Web Store and Add-ons for Firefox.
0 comments:
Post a Comment