The Facebook worm is back on the move. It seems hackers just can’t stop and leave others in peace. Security researchers from Sophos have warned of a Facebook attack that is currently targeting Croatian users and may spread to other countries. It delivers a password-stealing Trojan via a Java applet. The Trojan follows the pattern of previous such attacks by sending rogue messages from compromised accounts. The new attack asks users to add a “Love” button to their Facebook account, which has the same functionality as a “Like” button. All Facebook users are advised to take care and avoid any such message.
The user is directed to a page hosted on an external server, which shows a fake screenshot of Facebook with the Love button in action and gives detailed instructions on how to obtain the feature.
Users are instructed to select “Run” on the pop-up box that appears when trying to install the app. Furthermore, users are asked to “Like” the page, which makes the Trojan spread among their friends, and a message is displayed saying that the Love button will show up on their profile in 24 hours.
The pop-up window is backed by a Java applet that contains malicious code. The Trojan launches and downloads two additional components from remote servers onto the user’s computer. The Trojan is designed to steal Facebook credentials stored inside Internet Explorer, Chrome and Firefox.