Facebook Token Hijacker Malware Could Post On Your Wall, Create Events Inviting Your Friends
Social butterflies beware, there's a brand new strain of the Facebook Token Hijacker malware going around, and it preys on victims who want to score a pair of free UGGs boots. What makes this malware "special" is that it's armed with improved obfuscation techniques to keep its dirty code hidden from anti-malware software.
Details of the malware were posted online by Mohammand Faghani, a security researcher and former Carleton University student. Though the malware is sophisticated in technique, it still requires user interaction to spread. It does that by posting a special offer of free UGG boots, whereby the user is asked to post his/her access token after logging into the application. The malware then hijacks the user's token and immediately begins posting on the victim's wall. It also attempts to create an event inviting all of the victim's friends.
This is a little different from a conventional phishing attack, in which a victim's login credentials are saved for future use. The challenge there is bypassing the Identity and Access Management Controls when signing in from an new location. This bit of malware, however, hijacks the actual access token and gets to work straight away.
As always, if an offer seems too good to be true, it probably is.
Details of the malware were posted online by Mohammand Faghani, a security researcher and former Carleton University student. Though the malware is sophisticated in technique, it still requires user interaction to spread. It does that by posting a special offer of free UGG boots, whereby the user is asked to post his/her access token after logging into the application. The malware then hijacks the user's token and immediately begins posting on the victim's wall. It also attempts to create an event inviting all of the victim's friends.
This is a little different from a conventional phishing attack, in which a victim's login credentials are saved for future use. The challenge there is bypassing the Identity and Access Management Controls when signing in from an new location. This bit of malware, however, hijacks the actual access token and gets to work straight away.
As always, if an offer seems too good to be true, it probably is.
