Security researchers at Radware have uncovered a malware campaign that targets unsuspecting Facebook users under the guise of a painting application called ‘Relieve Stress Paint.’ Tens of thousands of Facebook accounts have been compromised in the last couple of days as a result.
The application is distributed from a website whose domain name uses Unicode characters that render like the letters of aol.net, so in search results, including Google's, it appears to belong to AOL, the web portal and online service provider originally known as America Online. It is noteworthy that only a couple of weeks earlier AOL's advertising platform was hacked to mine cryptocurrency.
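To make concrete how a Unicode lookalike of aol.net works, here is an added Python example (written for this page, not code from the article or from Radware). It converts between the Unicode form a user sees and the `xn--` punycode form that actually goes into DNS, and flags a domain when a single label mixes scripts or when folding confusable letters to Latin yields a brand on a watch list. The confusables table and the watch list are small constructed subsets; Unicode's confusables.txt is the full reference.

```python
import unicodedata

# Cyrillic and Greek letters whose glyphs look like Latin ones.
# Constructed subset for this example; Unicode's confusables.txt is the full list.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u03bf": "o", "\u03b1": "a", "\u03b9": "i",
}

# Brands whose lookalikes we want to catch (constructed watch list).
WATCHLIST = {"aol.net", "aol.com", "facebook.com"}


def to_unicode(domain):
    """Normalise either the display form or the xn-- form to what a user sees."""
    return domain.encode("idna").decode("idna")


def to_punycode(domain):
    """The ASCII form that appears in DNS, certificates and the URL bar."""
    return domain.encode("idna").decode("ascii")


def skeleton(domain):
    """Fold confusable letters to their Latin lookalike so spoofs compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(domain)).lower()


def scripts_in(label):
    """Unicode script names (LATIN, CYRILLIC, ...) used by the letters of a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def analyse(domain):
    uni = to_unicode(domain)
    skel = skeleton(domain)
    non_ascii = any(ord(ch) > 127 for ch in uni)
    return {
        "unicode": uni,
        "punycode": to_punycode(domain),
        # One label drawing letters from two scripts is the classic homograph tell.
        "mixed_script": any(len(scripts_in(lbl)) > 1 for lbl in uni.split(".")),
        # A non-ASCII name whose folded form equals a brand we watch.
        "impersonates": skel if non_ascii and skel in WATCHLIST else None,
    }


if __name__ == "__main__":
    spoof = "\u0430ol.net"          # Cyrillic 'а' (U+0430) in place of Latin 'a'
    for d in ("aol.net", spoof, to_punycode(spoof)):
        print(analyse(d))
```

The same check applies to any brand you add to the watch list; running it over domains seen in proxy or DNS logs (after converting them with `to_unicode`) is a cheap way to surface lookalike sites before users search for them.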
According to the Radware researchers, the application is spread via phishing emails. Once installed it launches a legitimate-looking program that, much like the default Microsoft Paint app, lets users change colours, line size and other settings. In the background, however, the app harvests data from the Chrome browser, including saved Facebook login credentials and cookies.
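The Chrome data the malware goes after is not hidden: cookies live in a plain SQLite file in the user's profile. The following Python example is added here to show what that looks like from a triage point of view; it is not code from the article or from Radware. It opens a copy of Chrome's `Cookies` database, lists the facebook.com cookies and marks the session-bearing ones. The `cookies` table created by `build_sample_db` is a constructed approximation of Chrome's schema with made-up values, so the script runs offline; the file paths, the WebKit timestamp epoch and the cookie names `c_user` and `xs` are real.

```python
import sqlite3
import shutil
import tempfile
from datetime import datetime, timedelta

# Chrome keeps cookies in a plain SQLite file. Default-profile locations at the
# time of this campaign (newer builds moved the file under Default/Network/):
#   Windows: %LOCALAPPDATA%\Google\Chrome\User Data\Default\Cookies
#   macOS:   ~/Library/Application Support/Google/Chrome/Default/Cookies
#   Linux:   ~/.config/google-chrome/Default/Cookies
# Chrome holds the file open, so triage tools copy it before querying.

# Facebook's authentication cookies: c_user is the account id, xs the session
# secret. With both, an attacker can resume the session without the password.
FB_SESSION_COOKIES = ("c_user", "xs")

WEBKIT_EPOCH = datetime(1601, 1, 1)


def webkit_to_datetime(ts):
    """Chrome timestamps are microseconds since 1601-01-01 UTC, not Unix time."""
    return WEBKIT_EPOCH + timedelta(microseconds=ts)


def open_cookie_db(path):
    """Copy the (possibly locked) Cookies file and open the copy read-only."""
    tmp = tempfile.NamedTemporaryFile(suffix=".sqlite", delete=False)
    tmp.close()
    shutil.copyfile(path, tmp.name)
    return sqlite3.connect(f"file:{tmp.name}?mode=ro", uri=True)


def facebook_cookies(conn):
    """Return every facebook.com cookie, flagging the ones that carry the session."""
    rows = conn.execute(
        "SELECT host_key, name, value, encrypted_value, expires_utc, is_httponly "
        "FROM cookies "
        "WHERE host_key = 'facebook.com' OR host_key LIKE '%.facebook.com' "
        "ORDER BY name"
    ).fetchall()
    out = []
    for host, name, value, enc, expires, httponly in rows:
        out.append({
            "host": host,
            "name": name,
            "session_token": name in FB_SESSION_COOKIES,
            # Chrome leaves `value` empty and fills `encrypted_value` when the OS
            # keystore (DPAPI, Keychain, libsecret) protects the cookie. That
            # protection is per user, so malware running as the user can simply
            # ask the OS to decrypt it.
            "encrypted": value == "" and len(enc or b"") > 0,
            "httponly": bool(httponly),
            "expires": webkit_to_datetime(expires).isoformat() if expires else None,
        })
    return out


def build_sample_db():
    """Constructed in-memory database approximating Chrome's `cookies` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE cookies (
            creation_utc INTEGER NOT NULL, host_key TEXT NOT NULL,
            name TEXT NOT NULL, value TEXT NOT NULL, path TEXT NOT NULL,
            expires_utc INTEGER NOT NULL, is_secure INTEGER NOT NULL,
            is_httponly INTEGER NOT NULL, last_access_utc INTEGER NOT NULL,
            encrypted_value BLOB DEFAULT ''
        )""")
    now = 13170000000000000            # 2018-05-05 13:20:00 UTC in WebKit time
    year = 365 * 24 * 3600 * 10**6
    sample = [  # constructed values; real tokens are opaque
        (now, ".facebook.com", "c_user", "100001234567890", "/", now + year, 1, 0, now, b""),
        (now, ".facebook.com", "xs", "", "/", now + year, 1, 1, now, b"v10constructed-ciphertext"),
        (now, ".facebook.com", "datr", "constructed-device-id", "/", now + 2 * year, 1, 1, now, b""),
        (now, ".google.com", "NID", "constructed", "/", now + year, 1, 1, now, b""),
    ]
    conn.executemany("INSERT INTO cookies VALUES (?,?,?,?,?,?,?,?,?,?)", sample)
    conn.commit()
    return conn


if __name__ == "__main__":
    import sys
    db = open_cookie_db(sys.argv[1]) if len(sys.argv) > 1 else build_sample_db()
    for cookie in facebook_cookies(db):
        print(cookie)
```

Run it with the path to a copied `Cookies` file to see what a stealer running in the victim's session could read; without an argument it uses the constructed sample. The `encrypted` flag is the practical point: OS-level encryption of cookie values stops another user on the machine, not code running as the logged-in victim.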
Radware researchers gained access to the control panel of the command-and-control server used by the attackers and counted more than 40,000 infected devices, which means tens of thousands of Facebook accounts have been compromised in this still-ongoing campaign.
Furthermore, the researchers noted that the panel is built on a Chinese CMS called Layuicms 2.0 and contains a category for Amazon, which they read as a sign that Amazon accounts could be the operators' next target. Amazon has recently been in the news over exposed S3 buckets, but that is a separate issue from credential theft.
It does not end there: the researchers also identified a second variant of the malware. What the criminals intend to do with the stolen data is unclear, but the researchers believe it could be sold to other criminals or used for identity theft, espionage and ransom scams.
Users are advised not to install applications from unverified third-party sources; only yesterday, Minecraft users were hit by malware hidden in malicious third-party skins. Avoid clicking links or opening attachments in unsolicited emails as well. Anyone who has run Relieve Stress Paint should remove it, change their Facebook password and end all active sessions from Facebook's security settings, because stolen cookies remain valid until the session they belong to is revoked.
Facebook is currently investigating the issue.