The Trojan spreads through Facebook's Messenger service. It messages a victim while masquerading as one of their friends, using the popular term 'LOL' as the message text. The attached file, which appears to be a photo, is named "IMG_xxxx.zip". Malwarebytes' Malware Intelligence manager Adam Kujawa said in an email to the popular online tech site The INQUIRER, "Once downloaded, the user unzips the file and clicks on what they assume is an image file, still called 'IMG_xxxx.jar'…The JAR file executes, downloads malware and infects the system." The user's Facebook account is then compromised, and it is in turn used to send the same Trojan to the user's friends, so the cycle repeats.
"Unlike previous versions of this scam, it is almost like the cyber criminals decided to make an amalgam of different infection tactics to obtain the normal goal…The first is the use of instant messaging; we have seen plenty of malware use instant messaging in various forms to send malicious files to victims, including Skype, MSN, Yahoo, etc.," Kujawa added, noting that four such tactics are combined in this type of attack.
The second, Kujawa said, is the use of the text 'LOL', which is a clever 'hook' to entice the user into opening the file. Similar attacks have often used terms like "OMG, is this you?" or "I can't believe someone posted this." They all have the same purpose: to grab the attention of the user.
The third tactic is the misuse of the zip file format to mask the attack. The user unzips the archive expecting to find the photo they were promised; in reality the only thing inside is the malicious file, and because it keeps the same "IMG_xxxx" name the user has little reason to doubt it.
"The fourth [tactic] is the use of a JAR file, or Java file. Usually we only see this kind of method used on drive-by attacks, where the Java is used to exploit the system and execute the malware…In this case, the Java file (not inherently malicious on its own) reaches out and downloads the actual malware from a remote Dropbox account. It then installs the malware as a service on the system, silently," Kujawa said.
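The third and fourth tactics above (an archive whose only member is an executable JAR wearing an image name) are exactly what an attachment scanner can catch before a user ever double-clicks. The script below is an added example written for this article, not code from Malwarebytes or The INQUIRER, and it makes no claim about the real sample's contents: it builds a constructed lookalike lure in memory (IMG_1234.zip wrapping IMG_1234.jar with a Main-Class manifest) and a benign control, then flags members whose extension executes on click, whose camera-style name does not match their magic bytes, or which are runnable JARs. The name patterns, extension list and the "Dropper" class name are assumptions chosen for illustration.

```python
import io
import os
import re
import zipfile

# Extensions that run when double-clicked; a lure gives them a photo-like name.
EXECUTABLE_EXTS = {".jar", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs",
                   ".js", ".jse", ".wsf", ".hta", ".pif"}
# Camera-style names the lure imitates (IMG_1234, DSC_0001, ...). Assumed pattern.
IMAGE_LIKE_NAME = re.compile(r"^(IMG|DSC|DCIM|PIC|PHOTO)[_-]?\d+", re.IGNORECASE)
# A JAR is a zip container, so it begins with the PK local-file-header signature.
ZIP_MAGIC = b"PK\x03\x04"
IMAGE_MAGICS = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}


def _sniff(head):
    """Return a coarse content type from the first bytes of a member."""
    for magic, kind in IMAGE_MAGICS.items():
        if head.startswith(magic):
            return kind
    if head.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def _jar_main_class(data):
    """If data is a JAR with a Main-Class manifest entry, return that class name."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            if "META-INF/MANIFEST.MF" not in jar.namelist():
                return None
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None
    for line in manifest.splitlines():
        if line.lower().startswith("main-class:"):
            return line.split(":", 1)[1].strip()
    return None


def suspicious_members(zip_bytes):
    """Scan an attachment archive and report members that look like the LOL lure.

    Returns a list of (member_name, [reasons]) pairs; an empty list means nothing
    matched. Non-zip input is reported as a finding rather than raising.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<attachment>", ["not a zip archive despite .zip name"])]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = os.path.basename(info.filename)
            ext = os.path.splitext(base)[1].lower()
            data = zf.read(info)
            kind = _sniff(data[:16])
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension %s" % ext)
            if IMAGE_LIKE_NAME.match(base) and kind not in IMAGE_MAGICS.values():
                reasons.append("image-like name but content is %s" % kind)
            main_class = _jar_main_class(data) if kind == "zip" else None
            if main_class:
                reasons.append("runnable JAR, Main-Class %s" % main_class)
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_lure():
    """Constructed sample, not a real capture: IMG_1234.zip wrapping a runnable IMG_1234.jar."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nMain-Class: Dropper\r\n\r\n")
        j.writestr("Dropper.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # class-file magic, stub body
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("IMG_1234.jar", jar.getvalue())
    return outer.getvalue()


def build_benign_sample():
    """Constructed control: a zip holding a minimal JPEG header named IMG_1234.jpg."""
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("IMG_1234.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    return outer.getvalue()


if __name__ == "__main__":
    for label, sample in (("lure", build_sample_lure()), ("benign", build_benign_sample())):
        print(label, suspicious_members(sample))
```

The check deliberately does not trust the extension alone: the magic-byte comparison is what catches a JAR that has been renamed to .jpg, and the manifest check distinguishes a runnable JAR from an ordinary library, which matters because a Java archive is itself just a zip and would otherwise look like nested compression.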
To protect yourself, never open an attachment you were not expecting, even when it appears to come from a friend, and be especially suspicious when an archive that was supposed to hold a photo turns out to contain a .jar file instead. What do you think? Do we need more information on how to deal with this type of infection? If you have any sensible comments regarding this story, please leave them in the section below.
[Image via blogs.independent]