The case of identity stealing malware

Make sure your Facebook friends are not actually pieces of malicious software!

Social media can be a cybersecurity minefield with all the sensitive information that goes onto Facebook and Twitter. An innocent picture of the family dog may give an attacker insight into your password security hint. Account hijacking is also troublesome, particularly when it happens to a respected news organization. And these threats aren't diminishing: Users and businesses alike may have more to worry about, as cybercriminals have created malware that breaks into your Facebook account.

Malware that pretends to be you
The malicious program, known as the JS/Febipos.A Trojan, masquerades as a browser extension for Firefox and Chrome. Once a user's machine is infected, the Trojan checks whether the user is logged into Facebook. Once it has access to your account, it can like pages, share links, post status updates and chat with your friends. This malware scam can be particularly nasty to spot because it frequently changes the wording of its messages and has been seen posting in several different languages.

In addition to implementing application control, users should exercise caution before clicking on links sent to them through Facebook or Twitter. Even when content seems to come from a friend, it may be malicious software instead. 

Social media responds to hacking
There is some good news in light of the recent social media cyberattacks: Social media websites are improving the safeguards they have implemented. Following the Associated Press Twitter hijacking, the social network announced it would enable layered security measures such as two-step authentication.

This tactic, which Google also allows in its email services, allows users to input a randomized code in addition to their usernames and passwords. This makes accounts much more difficult to break into and is generally pretty easy to deal with on the user's end of things. Although one common strategy is to send the code to the user's smartphone, popular online game developers such as Blizzard also sell physical key generators that can be tied to users' accounts. 

The benefit of two-factor authentication is that it prevents a lot of attacks that aren't all that sophisticated and can mitigate threats from social engineering. However, the presence of malware that can take control of Facebook means that users will need more than their logins to protect them. 

Have any of your accounts ever been hacked? How long did it take to fix the problem? Let us know in the comments! 

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.