Facebook credentials stolen by new malware posing as ‘stress-relieving’ painting program

Given all the news that has surrounded Facebook, it would be understandable if you decided to deactivate or delete your account. Do that and, it could be reasoned, the privacy and security issues the site has would no longer be of much concern to you.

But if you have not gone that route and continue to use the site, you will want to do so carefully, since it has become clear that Facebook is not 100 percent on top of things when it comes to security. Furthermore, as long as people use the site, criminals will try to take advantage.

That's why, with all the troubles Facebook finds itself in these days, one of the last things it needed was bad news that isn't even really its fault. Yet that's exactly what has come down.

It's all about malware

Taking advantage of people who were having a rough day, a piece of malware disguised itself as part of a program called "Relieve Stress Paint." Unicode characters allowed its address to show up as aol.net in search engines and emails, and from there more than 40,000 people downloaded it.
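A defender-side check for the look-alike address trick described above, as an added example that is not from the original article: it decodes punycode labels, folds accents and look-alike characters to ASCII, and flags hostnames that render like a watched domain. The confusables map and sample hostnames are constructed for illustration; the article does not say which characters the campaign used.

```python
import unicodedata

# Domain the article says was imitated.
WATCHLIST = {"aol.net"}

# Constructed, deliberately small look-alike map (assumption: a production
# check would load the full Unicode confusables data instead).
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic a
    "\u043e": "o",  # Cyrillic o
    "\u0435": "e",  # Cyrillic ie
    "\u04cf": "l",  # Cyrillic palochka
    "\u0131": "i",  # Latin dotless i
}


def to_unicode(host):
    """Decode xn-- (punycode) labels so the check sees what a user would see."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: leave it in its encoded form
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Fold a hostname to ASCII look-alikes: strip accents, map confusables."""
    decomposed = unicodedata.normalize("NFKD", host)
    base = (c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in base)


def spoofed_target(host):
    """Return the watched domain a hostname imitates, or None."""
    shown = to_unicode(host)
    if shown.isascii():
        return None  # plain ASCII is either the real domain or unrelated
    folded = skeleton(shown)
    return folded if folded in WATCHLIST else None


if __name__ == "__main__":
    # Constructed sample hostnames, not indicators from the campaign.
    for h in ["aol.net", "\u0430ol.net", "a\u1ecdl.net", "m\u00fcnchen.de"]:
        print(ascii(h), "->", spoofed_target(h))
```

The same function can be run over hostnames pulled from mail or proxy logs, with the watch list extended to the domains your users trust.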

The program does what it says it will with regard to paint, changing colors and line size every time you click. But while it is doing that, it is also copying the Google Chrome data that holds cookies as well as saved passwords for previously accessed Facebook accounts.

With access to Facebook accounts, the malware also gathered any payment details that were attached to the account, as well as the number of friends it had and whether or not it was used to manage a page.

The malware copies Facebook credentials every time someone opens the app and each time the computer restarts, and the data is then sent to a command-and-control server. On investigation, it appeared there was also room for collected Amazon accounts, though that code was probably not yet active given that it was empty.

In all, it was discovered that so far more than 40,000 computers had been infected and tens of thousands of Facebook accounts compromised.

Oh no, I downloaded the app!

A large reason why this malware was effective is that it does not steal anything so much as copy cookies and saved passwords by querying copies of the original cookies and login data files. No one is sure what was done with any information that was gleaned, but you can imagine what it could be used for.

If you downloaded the app and are worried about your computer, it will be important to immediately change your password and also check the security and login section of Facebook's settings to see if there were any logins by unrecognized computers.

To do that, you need to click on the menu tab (upside down triangle on a desktop) and select "Settings." On the left-hand side, you will see an option for "Security and Login," which you will choose.

That will then provide a list of things, including a recent list of where you're logged in. If everything checks out, you should be good. If not, it will be a sign that you need to make some changes.

Source: Ars Technica