ESET uncovers a Trojan that stole login details of more than 16000 Facebook users


ESET securities claimed that they discovered botnet naming ‘PokerAgent’ which was designed to harvest Facebook log-on credentials, collecting information on credit card details linked to the Facebook account and popular Zynga Poker player stats, presumably with the intention to mug the victims. The Trojan managed to steal the login credentials of more than 16,000 Facebook users in 2012.

According to data from ESET LiveGrid, a cloud powered real-time protection scanner, precisely 99% of all detections of Trojan were coming from Israel.  ESET has contacted Israeli CERT (Computer Emergency Response Team) as well as Israeli police in early 2012. During the investigation ESET could not provide any details about this threat publicly and presently this threat has been deactivated.

Zynga Poker is a famous app available on all popular platforms: Zynga.com, iPhone, Facebook, iPad, Android. According to AppData, the application has a monthly share of 35 million active users. Zynga Poker on Facebook is considered to be the most popular online poker platform in India. While analyzing this botnet ESET estimates that the attacker could gain access to a total of 16,194 login credentials.

The infected computers received a command to login into the user’s FB accounts and to gain the user’s Texas HoldEm score, as well as the amount of credit cards stored in his/her FB account. In case of a user w/o a credit card or low score, the infected computer received instructions to infect the victim’s FB profile with a link to a phishing site. This site has acted to directly or indirectly lure the player’s FB friends to a website resembling the FB homepage. In case the login credentials were input by them, they were also harvested by the attacker.

The number of threats utilizing Facebook is rapidly growing. To counter this trend, ESET has introduced a security application ESET Social Media Scanner which is available free of charge and is capable of scanning the user’s profile for the presence of malicious and phishing links. On top of that, the app can detect malicious links on the timeline of user’s Facebook friends.