June 27, 2013
Developers use the Facebook API to create apps for Facebook. Cybercriminals use the same Facebook API to spread malware to Facebook users.
According to an ibtimes.com article by Ryan W. Neal, who says “Facebook is doing nothing to stop (the spread of the malware),” links containing Zeus, a nasty little Trojan generally used to steal from victims’ bank accounts, have been found on Facebook. The targets are NFL, NBA and Real Madrid (Real Madrid Club de Fútbol) fans who use Facebook.
Neal writes, “While not all of the scams are the same, advocacy groups like Fans Against Kounterfeit Enterprise detected that many of these links are serving up malware like Zeus. FAKE (traced the links) back to Russian servers owned by a crime syndicate that specializes in malware, identity theft and child pornography.”
Many of the links purport to have been posted “via Graph API Explorer,” a tool used by developers building Facebook apps. The ibtimes.com story observes that programmers use the tool to “query data, create posts, create check-ins and just about everything else one can do on Facebook. There is even an option to create ‘Access tokens,’ which allow for an app to access a user’s status, groups and many others.”
FAKE’s Eric Feinberg noted that this security flaw made it possible for hackers to dupe people into giving up information by posing as individuals the victims could trust. Ploys the hackers used included offering links for buying cheap jerseys or free live streaming video of playoff games. Feinberg thought the solution would be to close off Graph API Explorer, but so far Facebook has not been inclined to take that action. Facebook did, however, block Tor users after a large number of malicious links were found. (Tor is free software and an open network that, in its words, “helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.”)
While Apple OS X and Linux appear to be immune to the malware, Neal warns Windows users to be wary of any URL with “tk” in the address as well as anything posted from Graph API Explorer.
Posted by Dan Rampe