A new version of the Ice IX malware has been identified that attempts to trick Facebook users to enter their credit card, debit card, and/or social security numbers while they try to access their Facebook accounts. The threat has been identified by security research firm Trusteer and has warned users on Facebook not to provide any financial or personal details when logging in to Facebook.
When a user is trying to access Facebook, the malware program displays a pop-up window with a Web form, which is designed to look as if it was a request from Facebook itself. The malware asks the user to fill the following information in the blank fields provided – Cardholder name, Credit or debit card number, Expiry date, Card identification number, and Address on your monthly statement.
Trusteer shared a screenshot of the above described Web form -
In the pop-up window shown above, you can see that the attackers have put a straightforward message claiming that in order to provide additional security for the users’ Facebook account, the user needs to verify his/her identity by entering the requested information -
In order to provide you with extra security, we occasionally need to ask you for additional information.
We need to verify your identity with a credit or debit card.
Please enter the information below to continue.
Once the user enters the information, it is then delivered to the attacker’s messenger application. Trusteer also discovered a “marketing” video, presumably used by the creators of the malware to demonstrate how the web injection works in order to steal information from Facebook users.
Please make a note that Facebook never asks for your credit card number to verify your identity. If you come across such a pop-up message while accessing Facebook, it is highly recommended not to provide any details, and immediately log out from your Facebook account.
Facebook actively detects known malware on users’ devices to provide Facebook users with a self-remediation procedure including the Scan-And-Repair malware scan. To self-enrol in this check point please visit – on.fb.me/AVCheckpoint