Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Facebook

+ - New Facebook Token Hijacker Malware On The Loose->

Submitted by
halls-of-valhalla
halls-of-valhalla writes "There's a new vairant of the Facebook Token Hijacker malware on the loose, and this time it's improved. The new version of the malware now has improved obfuscation techniques to keep its code hidden from anti-malware software.

This malware sends the target user a post on Facebook claiming a special offer on UGG boots, and the user is asked to post her access token after logging into an application using Facebook's oAuth (the app ID is 350685531728). After successfully logging in, the malware hijacks the user's token and starts posting on her wall. In addition to posting, this malware also attempts to create an event and invite all the victim's friends to it.

Unlike typical phishing attacks, this attack starts exploiting the victim immediately and automatically (without being challenged by Facebook's Identity and Access Management Controls) after obtaining the necessary data."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New Facebook Token Hijacker Malware On The Loose

Comments Filter:

Backed up the system lately?

Working...