January 31, 2013

16 Thousand Facebook Credentials Stolen

ESET Security Research Lab discovered the PokerAgent botnet in 2012. It is a Trojan horse designed to harvest Facebook log-on credentials, and it also collects information on credit card details linked to the Facebook account and Zynga Poker player stats.

According to their latest report, the botnet is still active, mostly in Israel. A total of 800 computers were infected, and over 16,194 Facebook credentials were stolen. The Trojan is active in many variants and belongs to the MSIL/Agent.NKY family.

ESET revealed that the Trojan is coded in C# and is easy to decompile. After deep analysis, the team found that the bot connects to a C&C server. On command, the Trojan accesses the victim's Facebook account and collects the Zynga Poker stats and a number of payment methods (i.e. credit card numbers) saved in the Facebook account. Once collected, the information is sent back to the C&C server.

The Trojan is downloaded onto systems by a separate downloader component. This downloader was seen on the web, and victims were fooled into downloading it.

As always, we advise careful consideration before allowing a browser or another application to ‘remember’ your passwords for sensitive services, and, if possible, never storing credit card details in any application.

via ESET Blog