Researchers at the security firm Radware recently discovered a new piece of malware that steals Facebook users' login information. The malware, dubbed Stresspaint, has stolen the credentials of more than 45,000 Facebook users, and the group behind it appears to be hunting for accounts that manage pages or have large friend networks, the firm noted. A substantial share of the victims are in Vietnam, Russia, Pakistan, Indonesia and Ukraine. To distribute the malware, the group sent phishing messages by email or directly on Facebook, prompting users to install a painting application called Relieve Stress Paint Tool from a page that mimics better-known sites such as AOL.
Once the user runs the trojanized app, the malware bundled with it begins stealing login information stored on the computer. It repeats the theft of Facebook credentials each time the painting application is reopened and each time the computer restarts. It works by first copying Chrome's cookie database to a separate location (Chrome keeps the live database open while the browser runs, so a stealer reads from a copy) and then searching the copied cookies for the victim's Facebook session. Session cookies are valuable precisely because presenting them lets the attacker act as the victim without a password or second factor. Once the target data is located, it is sent to a command-and-control server, where the operators use an open-source content management system to view the stolen credentials and export the Facebook data. It is not yet clear what the attackers plan to do with the stolen information, although the researchers believe it could be used for malvertising and propaganda.
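The copy-then-query step described above is worth seeing concretely from the responder's side. The following is an added triage example, not Radware's analysis code and not the malware: it builds a constructed Chrome-style `Cookies` SQLite database (Chrome's real table and column names, but fake sample rows), copies it the way a stealer must, and reports which facebook.com cookies were exposed. The names `c_user` and `xs` are Facebook's real authenticating cookie pair; every other value, host and helper name here is invented for the example. Real Chrome profiles on Windows keep the cookie body in `encrypted_value` (DPAPI-protected at the time of this campaign), which any process running as the victim user can decrypt, so the plaintext `value` column used here only makes the sample portable.

```python
"""Triage a Chrome 'Cookies' database for Facebook session cookies.

Added example with constructed sample data. Only Chrome's table/column
names and the Facebook cookie names c_user and xs are real.
"""
import os
import shutil
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone

# Facebook's authenticating cookie pair: c_user carries the numeric user ID,
# xs the session secret. A browser presenting both is logged in; no password
# is needed, which is why a cookie copy is as good as a credential.
FACEBOOK_SESSION_COOKIES = ("c_user", "xs")

# Chrome stores cookie timestamps as microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def webkit_to_iso(microseconds):
    """Convert a Chrome/WebKit timestamp to an ISO 8601 string (UTC)."""
    return (WEBKIT_EPOCH + timedelta(microseconds=microseconds)).isoformat()


def webkit_time(dt):
    """Inverse of webkit_to_iso: aware datetime -> Chrome timestamp (int)."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def build_sample_cookie_db(path):
    """Write a constructed Cookies database using Chrome's column names."""
    created = webkit_time(datetime(2018, 4, 20, tzinfo=timezone.utc))
    expires = webkit_time(datetime(2018, 7, 19, tzinfo=timezone.utc))
    rows = [  # constructed sample rows; values are placeholders
        (created, ".facebook.com", "c_user", "1234567890", "/", expires, 1, 0),
        (created, ".facebook.com", "xs", "SAMPLE-SESSION-SECRET", "/", expires, 1, 1),
        (created, ".facebook.com", "datr", "SAMPLE-DATR", "/", expires, 1, 1),
        (created, ".google.com", "NID", "SAMPLE-NID", "/", expires, 1, 1),
        # Decoy: a lookalike host must not be matched by the suffix filter.
        (created, "evilfacebook.com", "xs", "DECOY", "/", expires, 1, 1),
    ]
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE cookies ("
        "creation_utc INTEGER NOT NULL, host_key TEXT NOT NULL, "
        "name TEXT NOT NULL, value TEXT NOT NULL, path TEXT NOT NULL, "
        "expires_utc INTEGER NOT NULL, is_secure INTEGER NOT NULL, "
        "is_httponly INTEGER NOT NULL, encrypted_value BLOB DEFAULT '')"
    )
    con.executemany(
        "INSERT INTO cookies (creation_utc, host_key, name, value, path, "
        "expires_utc, is_secure, is_httponly) VALUES (?,?,?,?,?,?,?,?)", rows)
    con.commit()
    con.close()


def facebook_cookies_from_db(cookie_db_path):
    """Copy the database, then pull every facebook.com cookie from the copy.

    The copy is not optional in practice: Chrome holds the live database
    open while it runs, which is why a stealer works from a copy too.
    Returns {cookie name: {"value", "expires", "httponly"}}.
    """
    found = {}
    with tempfile.TemporaryDirectory() as tmp:
        copy_path = os.path.join(tmp, "Cookies.triage")
        shutil.copy2(cookie_db_path, copy_path)
        con = sqlite3.connect(copy_path)
        cur = con.execute(
            "SELECT name, value, expires_utc, is_httponly FROM cookies "
            "WHERE host_key = 'facebook.com' OR host_key LIKE '%.facebook.com'")
        for name, value, expires_utc, is_httponly in cur:
            found[name] = {
                "value": value,
                "expires": webkit_to_iso(expires_utc),
                "httponly": bool(is_httponly),
            }
        con.close()
    return found


def session_is_complete(cookies):
    """True when both authenticating cookies are present, i.e. the copied
    cookies alone would log the attacker in as the victim."""
    return all(name in cookies for name in FACEBOOK_SESSION_COOKIES)


def triage_sample():
    """Build the constructed sample database and run the triage against it."""
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "Cookies")
        build_sample_cookie_db(db)
        return facebook_cookies_from_db(db)


if __name__ == "__main__":
    cookies = triage_sample()
    for name, info in sorted(cookies.items()):
        print(f"{name:8} expires {info['expires']} httponly={info['httponly']}")
    if session_is_complete(cookies):
        print("complete Facebook session exposed: log out all sessions, not just change the password")
```

Run against a real profile by pointing `facebook_cookies_from_db` at the `Cookies` file under the Chrome user-data directory (on Windows the values will come back empty unless `encrypted_value` is decrypted with the victim user's DPAPI key). The `is_httponly` flag is worth reporting because it shows that the HttpOnly protection, which stops script from reading the cookie in the browser, does nothing against a process that reads the database file directly.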
For years, hackers have been developing malware that steals login information and other data from a range of devices. The recently discovered RedDrop malware harvests data from a victim's Android device and, like Stresspaint, ships it off to storage the attackers control. Another strain, first uncovered in 2016, poses as a Chrome browser update and, once it obtains administrative access, steals sensitive information such as call logs, text messages and credit card details. To stay protected from such attacks, the security firm advises users to download files and applications only from legitimate websites. Anyone who has already run the painting tool should treat the Facebook session as compromised, not just the password: change the password and log out of all active sessions from the account's security settings, because a copied session cookie keeps working until the session it belongs to is terminated.