Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Facebook Token Hijacker Malware On The Loose

halls-of-valhalla (2811997) writes | about a year and a half ago

Facebook 0

halls-of-valhalla writes "There's a new vairant of the Facebook Token Hijacker malware on the loose, and this time it's improved. The new version of the malware now has improved obfuscation techniques to keep its code hidden from anti-malware software.

This malware sends the target user a post on Facebook claiming a special offer on UGG boots, and the user is asked to post her access token after logging into an application using Facebook's oAuth (the app ID is 350685531728). After successfully logging in, the malware hijacks the user's token and starts posting on her wall. In addition to posting, this malware also attempts to create an event and invite all the victim's friends to it.

Unlike typical phishing attacks, this attack starts exploiting the victim immediately and automatically (without being challenged by Facebook's Identity and Access Management Controls) after obtaining the necessary data."

Link to Original Source

cancel ×

0 comments

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...