Facebook Token Hijacker Malware Could Post On Your Wall, Create Events Inviting Your Friends

News Posted: Wed, Feb 6 2013 10:25 AM
Social butterflies beware, there's a brand new strain of the Facebook Token Hijacker malware going around, and it preys on victims who want to score a pair of free UGG boots. What makes this malware "special" is that it's armed with improved obfuscation techniques to keep its dirty code hidden from anti-malware software.

Details of the malware were posted online by Mohammand Faghani, a security researcher and former Carleton University student. Though the malware is sophisticated in technique, it still requires user interaction to spread. It does that by posting a special offer of free UGG boots, whereby the user is asked to post his/her access token after logging into the application. The malware then hijacks the user's token and immediately begins posting on the victim's wall. It also attempts to create an event inviting all of the victim's friends.

This is a little different from a conventional phishing attack, in which a victim's login credentials are saved for future use. The challenge there is bypassing the Identity and Access Management Controls when signing in from a new location. This bit of malware, however, hijacks the actual access token and gets to work straight away.

As always, if an offer seems too good to be true, it probably is.
Dorkstar replied on Wed, Feb 6 2013 12:18 PM


Let me get this straight. Someone took the time to write somewhat sophisticated software with the intent to put up false UGG boot advertisements? I'm not seeing their gain here.

Dave_HH replied on Wed, Feb 6 2013 1:56 PM

No - They use your preferences to show you fake ads that ask you to click on them and authorize access to your FB account, like an app would, then they spread malware to all your friends and via your wall.

Editor In Chief
