PokerAgent botnet stole over 16,000 Facebook credentials

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats.

According to latest report, the botnet is still active mostly in Israel and 800 computers were infected, where over 16194 Facebook credentials stolen. The Trojan is active with many variants and belongs to MSIL/Agent.NKY family.
PokerAgent infographicESET reveal that, the Trojan is coded in C# language and easy to decompile. After deep analyse, team found that the bot connects to the C&C server. On command, Trojan access the Facebook account of victim and collects the Zynga Poker stats and number of payment methods (i.e. credit cards) saved in the Facebook account. Once collected, information sent back to the C&C server.
The Trojan is downloaded onto the system by another downloader component. This downloader component was seen on the web and the victims have been fooled into downloading it.
ESET tracking of the botnet revealed that at least 800 computers have been infected with the Trojan and that the attacker had at least 16194 unique entries in his database of stolen Facebook credentials by March 20, 2012. “We advise careful consideration before allowing a browser or other app to ‘remember’ passwords for sensitive services and before storing credit card details into any application (not only Facebook!).” ESET advice.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  • Blog Stats

    • 10,847 hits
  • Upcoming Events

    No upcoming events

%d bloggers like this: