Trusteer flags up Facebook malware scam

Security software vendor uncovers malware aimed at charity-minded Facebook users.


Trusteer has discovered a Citadel malware configuration that targets Facebook users with fake requests for donations to children's charities.

The security software firm said the aim of the scam is to steal credit card data from charity-minded members of the social networking site.

Once Facebook users have logged in, the Citadel injection displays a pop-up that asks for a $1 donation to a children's charity. The unsuspecting user is then asked for his or her credit card information.

The malware is effective because it targets users by language. It also poses as legitimate, well-known charities in targeted countries.

The company said the malware has web-injection pages in five languages: English, Italian, Spanish, German and Dutch.

In the English-language version, the malware poses as a charity for impoverished Haitian children.

Meanwhile, the Italian version uses the Red Balloon campaign, which was set up to help fight child mortality in Italy.

"This attack illustrates the continuing customisation of financial malware and harvesting of credit card data from the global base of Facebook users," said Trusteer's chief technology officer, Amit Klein.

"Using children's charities as a scam makes this attack believable and effective. Meanwhile, the one dollar donation amount is low enough that virtually anyone can contribute if they chose. This is a well-designed method for stealing credit and debit card data on a massive scale," he added.
