A Botnet called "Poker Agent" identified about a year ago, which designed to steal Facebook account credentials, also stealing payment information linked to Facebook account and Zynga Poker.
According to the ESET analysis, the threat was mostly active in Israel. 800 computers were infected, over 16,000 Facebook credentials stolen.
Once the malware infect a system, it gets commands from remote C&C Server to log into Facebook accounts and collects the information including Zynga Poker Stats and Number of payment methods (i.e. credit cards) saved in the Facebook account.
The Trojan publish phishing link in the victims' wall in order to compromise more Facebook accounts credentials.
The Cybercriminals seemed to have ceased actively spreading the Trojan mid-February 2012. Israeli CERT and law enforcement have been notified and an investigation has been launched. Facebook has also been notified and has taken preventive measures to thwart future attacks on the hijacked accounts.
According to the ESET analysis, the threat was mostly active in Israel. 800 computers were infected, over 16,000 Facebook credentials stolen.
Once the malware infect a system, it gets commands from remote C&C Server to log into Facebook accounts and collects the information including Zynga Poker Stats and Number of payment methods (i.e. credit cards) saved in the Facebook account.
The Trojan publish phishing link in the victims' wall in order to compromise more Facebook accounts credentials.
The Cybercriminals seemed to have ceased actively spreading the Trojan mid-February 2012. Israeli CERT and law enforcement have been notified and an investigation has been launched. Facebook has also been notified and has taken preventive measures to thwart future attacks on the hijacked accounts.