Ice IX Malware Tricks Facebook Users to Enter Credit Cards Details
By on April 5th, 2012

A new version of the Ice IX malware has been identified that attempts to trick Facebook users to enter their credit card, debit card, and/or social security numbers while they try to access their Facebook accounts. The threat has been identified by security research firm Trusteer and has warned users on Facebook not to provide any financial or personal details when logging in to Facebook.

When a user is trying to access Facebook, the malware program displays a pop-up window with a Web form, which is designed to look as if it was a request from Facebook itself. The malware asks the user to fill the following information in the blank fields provided – Cardholder name, Credit or debit card number, Expiry date, Card identification number, and Address on your monthly statement.

Trusteer shared a screenshot of the above described Web form -

Facebook Ice IX Malware Attack

In the pop-up window shown above, you can see that the attackers have put a straightforward message claiming that in order to provide additional security for the users’ Facebook account, the user needs to verify his/her identity by entering the requested information -

In order to provide you with extra security, we occasionally need to ask you for additional information.

We need to verify your identity with a credit or debit card.

Please enter the information below to continue.

Once the user enters the information, it is then delivered to the attacker’s messenger application. Trusteer also discovered a “marketing” video, presumably used by the creators of the malware to demonstrate how the web injection works in order to steal information from Facebook users.

Please make a note that Facebook never asks for your credit card number to verify your identity. If you come across such a pop-up message while accessing Facebook, it is highly recommended not to provide any details, and immediately log out from your Facebook account.

Facebook actively detects known malware on users’ devices to provide Facebook users with a self-remediation procedure including the Scan-And-Repair malware scan. To self-enrol in this check point please visit – on.fb.me/AVCheckpoint

Tags: ,
Author: Joel Fernandes Google Profile for Joel Fernandes
Joel Fernandes (G+) is a tech enthusiast and a social media blogger. During his leisure time, he enjoys taking photographs, and photography is one of his most loved hobbies. You can find some of his photos on Flickr. He does a little of web coding, and maintains a tech blog of his own - Techo Latte. Joel is currently pursuing his Masters in Computer Application from Bangalore, India. You can get in touch with him on Twitter - @joelfernandes, or visit his Facebook Profile for more information.

Joel Fernandes has written and can be contacted at joel@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN