A new malware called Stresspaint adds stress to over 35000 Facebook users.
As if Facebook’s own collection of user information wasn’t enough to stress you out, there’s new malware targeting your Facebook account. It is called Stresspaint, and it comes with a real, working app.
Stresspaint is an information stealer that is currently targeting Facebook login information. The malware is distributed through a Windows application named “Relieve Stress Paint”. The application is downloaded from a URL whose domain is camouflaged using Unicode characters: the user sees the domain as “aol.net”, but it is actually a different domain altogether.
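A defender can catch this kind of Unicode camouflage by decoding a hostname to its real code points and comparing it against the names it imitates. The following is an added example, not code from the article or the researchers; the confusables map, the watchlist and the sample hostnames are constructed for illustration, since the article does not give the actual domain.

```python
import unicodedata

# Constructed sample map; a real deployment would load Unicode's confusables.txt.
CONFUSABLES = {"\u0430": "a", "\u043e": "o", "\u0435": "e", "\u0440": "p",
               "\u0441": "c", "\u03bf": "o", "\u0131": "i"}
# Domains to protect; "aol.net" is the name the article says users believed they saw.
WATCHLIST = {"aol.net"}

def to_unicode(host):
    """Decode xn-- (punycode) labels so the real code points become visible."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode or not decodable: inspect it as given

def scripts(label):
    """Scripts of the letters in a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}

def skeleton(host):
    """Strip combining marks and fold known confusables to ASCII."""
    decomposed = unicodedata.normalize("NFD", host)
    return "".join(CONFUSABLES.get(ch, ch) for ch in decomposed
                   if not unicodedata.combining(ch))

def check_host(host):
    """Return the displayed form of a hostname and the reasons it is suspicious."""
    shown = to_unicode(host)
    findings = []
    if not shown.isascii():
        findings.append("non-ascii")
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        findings.append("mixed-script")
    if shown not in WATCHLIST and skeleton(shown) in WATCHLIST:
        findings.append("lookalike")
    return {"display": shown, "findings": findings}

if __name__ == "__main__":
    # Constructed hostnames: Cyrillic "a" (as punycode) and Latin "o" with dot below.
    samples = ["\u0430ol.net".encode("idna").decode("ascii"), "a\u1ecdl.net", "aol.net"]
    for name in samples:
        print(name, check_host(name))
```

Run over proxy or DNS logs, the "lookalike" finding is the one worth alerting on; "non-ascii" alone also matches legitimate internationalized domains.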
Users who fall for the scam are given a drawing tool that actually works. But while the application is running, two modules run in the background: one grants the malware persistence, so that it starts on each boot, and the other is believed to be the one stealing credentials.
Researchers note that the Trojan is currently focused on stealing Chrome’s login data and cookies databases. This information is encrypted and transmitted to the C&C servers. The researchers have traced the information back to a control panel, which is in Chinese and displays Facebook credentials. There is also a section for Amazon data that is not currently being used.
The malware has so far infected over 35,000 users, mostly in Vietnam, Russia, and Pakistan. The malware creators are actively validating the stolen Facebook credentials, and more information is being collected. Most notably, they are collecting the number of friends, whether the user manages a Facebook Page, and whether the account has payment information saved.
The security researchers have notified Facebook of the malware.
Source: Bleeping Computer