BAN Malware - Hijack Akaun Facebook Melalui Chrome Dan Mozilla [Baca Alert]

Generasi Y adalah generasi hacker membiak mengalahkan cendawan berbunga dimusim hujan. Macam mana secure sekalipun sistem, bila hacker mengetahui program yang digunakan, easily attacking akan berlaku.

Aku bawakan khas daripada web buletin hacker yang menyatakan extension apps dalam chrome dan mozilla terdapat malware yang boleh hijack account facebook korang semua. So, dengan persetujuan ahli kabinet langkasuka, aku cadangkan ko tak payahlah install bagai jenis extension dalam chrome dan mozilla. Dan untuk security juga pastikan cookies dalam browser tak disimpan terlalu lama. Make sure clear disk ataupun format your computer jika terasa bahang tahi dan terlalu banyak hinggap.

Akhir kata, Sediakan sabun sebelum berak.

credit info :  blackhat

As we also reported about a browser extension malware which is hijacking online accounts, now Microsoft also got requests from user a Malicious browser extension similar to that hijacking Facebook profiles.

According to Microsoft they received many request from users about a Malicious browser extension which is trying to hijack Facebook profiles, this threat was first discovered in Brazil and Microsoft detected as Trojan:JS/Febipos.A, Microsoft's technet blog report says.

This Malicious Browser extension specially targeting Chrome and Mozilla.

When installed, it attempts to update itself using the following URLs:  

Chrome browser:- du-pont.info/updates/<removed>/BL-chromebrasil.crx  
Mozilla Firefox browser:- du-pont.info/updates/<removed>/BL-mozillabrasil.xpi 

Note: Updated versions of this threat have been verified and are still detected as Trojan:JS/Febipos.A.

To begin with, this Trojan monitors a user to see if they are currently logged-in to Facebook. It then attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do.

Depending on the file, this malware can do any of the following in the Facebook profile of an infected system:
Like a page
Share
Post
Join a group
Invite friends to a group
Chat to friends
Comment on a post

At the time of writing this blog, we also seen the following behavior.(Microsoft says)
The configuration file contains a command to post the following message in Facebook:
GAROTA DE 15 ANOS VÍTIMA DE BULLYING COMETE SUICÍDIO APÓS MOSTRAR OS SEIOS NO FACEBOOK
Vìdeo no link abaixo:<Currently unavailable link>

It is written in Portuguese and here’s an English translation:
15 YEAR-OLD VICTIM OF BULLYING COMMITS SUICIDE AFTER SHOWING HER BREASTS ON FACEBOOK.
Video on the link below: <Currently unavailable link>

The above URL is unavailable and already blocked by Facebook.

The number of “likes” for this page grew as we analyzed this malware. When we began analysis the page statistics looked like this:

·         Facebook page likes: 2,746
·         Facebook shared link likes: 167
·         Number of comments: 165

After several hours this had risen to:
·         Facebook page likes: 3,177
·         Facebook shared link likes: 201
·         Number of comments: 183

Info Asal : HackerBuletin