Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Escapist logo header image

Worm Steals At Least 45,000 Facebook Logins

This article is over 12 years old and may contain outdated information
image

Next time you’re on Facebook and get a link from some friends, be careful: It might be part of a scam to snag your login info and hack into financial institutions.

Stories of Facebook accounts getting hacked aren’t all that uncommon, but this latest case is a doozy. A worm that was originally designed to compromise bank systems has been repurposed and is now stealing Facebook login credentials.

Security company Seculert has been actively keeping track of the worm Ramnit, which was originally discovered in April 2010. Microsoft, meanwhile, has explained that the worm is “a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives, steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker.”

Basically, Ramnit is capable of bypassing two-factor authentication systems, which means it’s been able to gain remote access to financial institutions.

Seculert has discovered that approximately 800,000 machines were infected with Ramnit between September and December. On top of that, a variant of the worm has stolen the login information for over 45,000 Facebook accounts.

According to Seculert:

“We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.”

If your friends start sending out a bunch of links, be extra careful. Don’t let yourself wind up a part of this statistic.

Source: Seculert via Ars Technica

Recommended Videos

The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission.Ā Learn more about our Affiliate Policy