The social network is investigating.
Last week, security researchers at Radware detected the malicious activity of a group that was sending out phishing emails to Facebook users around the world. Attached to the messages was a link to download a seemingly innocuous painting application designed to relieve stress. But the “Relieve Stress Paint” app did the opposite of what it promised, infecting users with an appropriately named malware called Stresspaint.
To throw users off its tracks, the bad actors used Unicode characters to disguise “Relieve Stress Paint” as aol.net on search engines and in emails. Its true address is the much scarier “xn--80a2a18a.net”. You can see below how a search query for getting rid of stress pulls up the malware in a fake AOL domain.
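The disguise described above can be checked mechanically. The following Python sketch is an added example, not code from Radware or the article: it decodes the `xn--` (Punycode) form of a hostname, reports which scripts its letters come from, and compares the look-alike "skeleton" against a watchlist. The confusables table and the watchlist are small, assumed samples.

```python
import unicodedata

# Illustrative subset of Cyrillic letters that render like Latin ones;
# a production check would use the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u04cf": "l",
}
# Assumed watchlist of names to protect (hypothetical, not from the article).
WATCHLIST = {"aol", "facebook"}


def decode_label(label):
    """Unicode form of one DNS label; xn-- marks a Punycode (ACE) label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Script names of the letters in text, taken from Unicode names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}


def skeleton(text):
    """Replace known look-alike letters with the Latin letter they mimic."""
    return "".join(CONFUSABLES.get(c, c) for c in text.lower())


def analyze(hostname):
    """Return one finding per non-ASCII label in hostname."""
    findings = []
    for raw in hostname.rstrip(".").split("."):
        try:
            text = decode_label(raw)
        except UnicodeError:
            findings.append({"label": raw, "error": "invalid punycode"})
            continue
        if text.isascii():
            continue
        skel = skeleton(text)
        findings.append({
            "label": raw, "unicode": text,
            "scripts": sorted(scripts(text)), "skeleton": skel,
            "impersonates": skel if skel in WATCHLIST else None,
        })
    return findings
```

Calling `analyze("xn--80a2a18a.net")` on the domain quoted in the article shows that its first label consists entirely of Cyrillic letters whose skeleton is `aol`, while the genuine `aol.net` produces no findings.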
Once an unknowing user clicks on it, a window pops up that looks similar to Microsoft Paint. The program will act like a legitimate paint program, allowing users to switch colors and line size. While they’re tinkering, the malware infects the computer, downloads Chrome cookies and Facebook passwords, and immediately deletes itself after about a minute. The cookies are transferred and queried at a new location, where additional data (such as the number of friends an account has, whether an account manages a page, and payment data) is gathered from predefined Facebook URLs. Stresspaint copies the files each time the program is opened or when an infected user restarts their computer.
Nissim Pariente, director of security analytics and research and development at Radware, told the Daily Dot that he can only guess what the bad actors may have stolen from accounts, but it’s likely that payment information, personal messages, and sensitive images were compromised.
It’s also unclear what the information is being used for. Radware suspects the criminals will either sell the data, use it for ransomware or espionage, or engage in identity theft by reusing the credentials. However, since the malware is only focusing on Facebook members with a large following, Radware fears the group will use accounts to spread propaganda or create malvertising campaigns.
After gaining access to its control panel, Radware determined some 40,000 Facebook users in two dozen countries had been infected in a matter of days. The security firm says the malware was developed professionally given its rapid distribution and suspects an attack on Amazon is imminent based on its findings. As you can see in the charts below, several thousand users were infected every day this week. Most of the attacks occurred in Vietnam and Russia, with around 500 affecting U.S. users. It’s unclear where the attacks originated, although text in the control panel suggests it may have come from China.
As always, the best advice to protect yourself from the attack is to update your password and avoid downloading apps from unknown sources. You can also go to the security and login settings of your account to see where devices are logged in from. If you come across something suspicious, change your password and set up two-factor authentication with your phone number.
Radware made Facebook aware of the malicious activity. The beleaguered social giant provided the following statement:
“We are investigating these malware findings and we are taking steps to help protect and notify those who are impacted. We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.