Trusteer flags up Facebook malware scam
Security software vendor uncovers malware aimed at charity-minded Facebook users.
Trusteer has discovered a Citadel malware configuration that targets Facebook users with fake requests for donations to children's charities.
The security software firm said the aim of the scam is to steal credit card data from charity-minded members of the social networking site.
Once Facebook users have logged in, the Citadel injection displays a pop up that asks for a $1 donation to a children's charity. The unsuspecting user is then asked for his or her credit card information.
The malware is effective because it targets users by language. It also poses as legitimate, well-known charities in targeted countries.
The company said the malware has web-injection pages in five languages: English, Italian, Spanish, German and Dutch.
In the English-language version, the malware poses as a charity for impoverished Haitian children.
Meanwhile, the Italian version uses the Red Balloon campaign, which was set up to help fight child mortality in Italy.
"This attack illustrates the continuing customisation of financial malware and harvesting of credit card data from the global base of Facebook users," said Trusteer's chief technology officer, Amit Klein.
"Using children's charities as a scam makes this attack believable and effective. Meanwhile, the one dollar donation amount is low enough that virtually anyone can contribute if they chose. This is a well-designed method for stealing credit and debit card data on a massive scale," he added.
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now