Users are advised to be on the lookout for Pinterest pins that might lead them to websites advertising a “Pinterest Tool.”
The site instructs visitors to install a Pinterest Tool to “enjoy more features of the website.”
In reality, the tool is a malicious browser plugin that’s designed to harvest the usernames and passwords from websites visited by the victim and send the information to a remote server.
The Trojan is detected by F-Secure products as Trojan.PWS.ZAQ.
“I’m certain there are other similar attack tools. If you see similar kind of ‘tool’ offer, just close the browser window. Selecting ‘no thanks’ most likely leads to plug-in installation,” Ahlberg warns.
According to the expert, the fake Pinterest website might be run by the same individuals who are behind the diet spam campaign.