Facebook Users Hit By Money-Grubbing Malware

Carberp Trojan malware attempts to steal money by duping the user into divulging an e-cash voucher.

A new version of the Carberp Trojan attempts to steal money from Facebook users by duping them into divulging an e-cash voucher, researchers say.
Carberp replaces any Facebook page the user navigates to with a fake page notifying the victim that his/her Facebook account is temporarily locked, says Trusteer CTO Amit Klein in his blog. The page asks the user for their first name, last name, email, date of birth, password, and a Ukash 20 euro [approximately $25 U.S.] voucher number to confirm verification of their identity and unlock the account.
The page claims the cash voucher will be added to the users main Facebook account balance, which is obviously not the case, Klein states. Instead, the voucher number is transferred to the Carberp bot master, who presumably uses it as a cash equivalent, thus effectively defrauding the user of $25.
The emerging man-in-the-browser (MitB) attack exploits the trust users have in Facebook and the anonymity of Ukash e-cash vouchers, Klein writes. Unlike attacks against online banking applications that require transferring money to another account--which creates an auditable trail--this new Carberp attack allows fraudsters to use or sell the e-cash vouchers immediately, anywhere they are accepted on the Internet.
This type of attack is likely to grow as e-cash becomes more frequently used, Klein warns. Like card-not-present fraud, where cybercriminals use stolen debit and credit card information to make illegal online purchases without the risk of being caught, e-cash fraud is a low-risk form of crime, he said. With e-cash, however, it is the accountholder, not the financial institution, who assumes the liability for fraudulent transactions.
Read the rest of this article on
Dark Reading
.
Find out how to create and implement a security program that will defend against malicious and inadvertent internal incidents and satisfy government and industry mandates in our
Compliance From The Inside Out
report. (Free registration required.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Facebook Users Hit By Money-Grubbing Malware