Trojan Disguised as “Pinterest Tool” Steals Users’ Login Credentials

An expert has found the Trojan on a fake Pinterest website

By on July 8th, 2013 09:02 GMT

Users are advised to be on the lookout for Pinterest pins that might lead them to websites advertising a “Pinterest Tool.”

Security expert Janne Ahlberg, who came across the malicious tool while analyzing the massive diet spam campaign, has identified a website called pinteresf.org.

The site instructs visitors to install a Pinterest Tool to “enjoy more features of the website.”

In reality, the tool is a malicious browser plugin that’s designed to harvest the usernames and passwords from websites visited by the victim and send the information to a remote server.

The Trojan is detected by F-Secure products as Trojan.PWS.ZAQ.

“I’m certain there are other similar attack tools. If you see similar kind of ‘tool’ offer, just close the browser window. Selecting ‘no thanks’ most likely leads to plug-in installation,” Ahlberg warns.

According to the expert, the fake Pinterest website might be run by the same individuals who are behind the diet spam campaign.

Comments