Trend Micro has spotted a malware sample, TSPY_MINOCDO.A, which targets Facebook users. The malware redirects users to a spoofed page of the social network and claims to be part of the site's security check feature, even showing the tagline “Security checks help keep Facebook trustworthy and free of spam”.
The malware redirects all traffic to facebook.com and www.facebook.com to the system itself using the victim machine's HOST file. This ensures user can never access the legitimate Facebook pagesm and at the same time the malware spies all the browser activity and redirect the victim to the malicious site.
Trend Micro says users may fall victim to the malware by taking the 'security check' for face value. Affected users may end up relaying their details, and exposing their credit card credentials to 'cybercriminal infiltration'.
“Upon further analysis, we also discovered that the malware performs DNS queries to several domain names. What this means that the people behind this are prepared for server malfunction and has a backup to continue stealing information,” says the security firm in a blog post.