On the heals of recent reports of YouTube being hacked due to a phishing scam which tricked users into entering their information into fake fields on decoy Google sites, a new rash of Facebook-related attacks has targeted the Syrian rebellion. The latest scams have also installed surveillance malware into computers of the activists targeted, including Burhan Ghalioun, Chairman of the Syrian Opposition Transitional Council.
One of the new malacious applications in circulation is called FacebookWebBrowser.exe. An unsuspecting user might see it as a legitimate Facebook security app, and click to download. Below are some screens of the malware in action, courtesy of The Electronic Frontier Foundation, Inc.:
From here, FacebookWebBrowser.exe uses a keylogger to gain access to whatever – email, YouTube, Facebook, Skype, financial institutions, etc. – As if those who oppose the Syrian government didn’t have enough to worry about besides murder. The EFF points out that Ghalioun has been targeted by the Syrian Electronic Army for allegedly having a hand in leaking emails written by Syrian president Bashar Assad. The emails in question paint a picture of a flippant president who seems to be generally uninterested in events surrounding the civil unrest in his country.
Another instance of Syrian Electronic Army phishing surrounds fake Facebook sites being hosted at a site called Cixx6. A screen below depicts a false Facebook Login field:
The fake sites log information that unsuspecting users enter while attempting to access their accounts. It is also noted that a user’s Facebook friends might also be victims of malware, and that any links posted by friends on walls or sent in messages might be compromised. And, judging from the screens above, one should be cautious of URLs while accessing Facebook. When one is used to accessing a certain site over and over, it is easy to be duped by a fake site that looks very similar to the real thing.