14 DAY TRIAL // Malware that’s designed mainly to steal banking information, such as ZeuS or SpyEye, collects other pieces of sensitive information it comes across on a computer, including social media account login credentials. To make sure this secondary loot doesn’t go to waste, cybercriminals opened what they call “Factory Outlets” to sell the precious data.
Trusteer researchers came across such a store in which the crooks offer social media account access credentials picked up from users all over the world.
Facebook, Twitter and even Vkontakte (the Russian equivalent of Facebook) accounts can be purchased in bulk, from specific countries, or even combined with other information such as email addresses that can be utilized to launch spam campaigns.
In this specific store, the owners claim to possess around 80 gigabytes of user data and if we consider that all that quantity is probably in simple text format, 80 gigabytes is a lot.
In other stores, cybercriminals advertise website control panel (cPanel) credentials, which allow someone to take over a site entirely, setting it up to serve malware or any type of arbitrary content.
Compromised websites can be utilized efficiently for drive-by attacks and combined with the social media accounts these sites can be easily advertised.
The advantage of controlling these domains also lies in the fact that most of these domains don’t have a bad reputation, allowing the crooks to launch their campaigns without being detected by reputation systems.
Besides the modern security solutions that are able to analyze banking operations in real time to determine if they’re under any kind of threat, Facebook also provides some clever anti-fraud mechanisms.
Facebook representatives state that the social networking site actively detects known malware samples on the devices of their customers to ensure that they’re protected. Furthermore, in order to access a Facebook account, fraudsters need more than a username and a passwords.
Even if the login credentials are correct, the internal systems check every login to the site in search for malicious activity. Finally, users who want to aid Facebook in the fight against malware and scams can report any content they find to be suspicious.