Trusteer flags up Facebook malware scam
Security software vendor uncovers malware aimed at charity-minded Facebook users.
Trusteer has discovered a Citadel malware configuration that targets Facebook users with fake requests for donations to children's charities.
The security software firm said the aim of the scam is to steal credit card data from charity-minded members of the social networking site.
Once Facebook users have logged in, the Citadel injection displays a pop up that asks for a $1 donation to a children's charity. The unsuspecting user is then asked for his or her credit card information.
The malware is effective because it targets users by language. It also poses as legitimate, well-known charities in targeted countries.
The company said the malware has web-injection pages in five languages: English, Italian, Spanish, German and Dutch.
In the English-language version, the malware poses as a charity for impoverished Haitian children.
Meanwhile, the Italian version uses the Red Balloon campaign, which was set up to help fight child mortality in Italy.
"This attack illustrates the continuing customisation of financial malware and harvesting of credit card data from the global base of Facebook users," said Trusteer's chief technology officer, Amit Klein.
"Using children's charities as a scam makes this attack believable and effective. Meanwhile, the one dollar donation amount is low enough that virtually anyone can contribute if they chose. This is a well-designed method for stealing credit and debit card data on a massive scale," he added.
Shining light on new 'cool' cloud technologies and their drawbacks
IONOS Cloud Up! Summit, Cloud Technology Session with Russell BarleyWatch now
Build mobile and web apps faster
Three proven tips to accelerate modern app developmentFree download
Reduce the carbon footprint of IT operations up to 88%
A carbon reduction opportunityFree Download
Comparing serverless and server-based technologies
Determining the total cost of ownershipFree download