Facebook “love button” app links to malware

If you spot a Facebook post or a message advertising an application that will let you “unlock” a “love” (<3) button if you run it - don't do it. If you do, you will actually be running a malicious Java applet that downloads a password-stealing Trojan.

You don’t even have to press a button to install the application – a simple visit to the application’s page (which is displayed in Croatian) will trigger a pop-up asking you to run the application, which – inexplicably – masquerades as a “Sun Microsystems Java Security Update 6”.

If this warning fails to arouse your suspicion and you run the application, the Java applet will download an .exe file from a URL passed as a parameter on the website.

“It then saves and executes it as ‘NortonAV.exe’ from the local user profile folder,” explains McAfee’s expert. “The downloaded trojan payload is a password stealer which searches for passwords stored on the user’s machine. It then sends a password log to an e-mail account on gmail.com over an encrypted SMTP/TLS connection.”
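
One way to hunt for the behaviour described above in process-creation telemetry, as an added example that is not code from the article or from McAfee. The event field names, the Java host process names and the list of security-product name fragments are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumptions (not from the article): event field names, the Java host
# process names, and the security-product name fragments to look for.
JAVA_PARENTS = {"java.exe", "javaw.exe", "jp2launcher.exe"}
AV_NAME_HINTS = ("norton", "mcafee", "kaspersky", "avast", "defender")
# Per-user profile roots on older and newer Windows versions.
PROFILE_RE = re.compile(
    r"^[a-z]:\\(users|documents and settings)\\[^\\]+\\", re.I)

def score_event(event):
    """Return the reasons a process-creation event looks suspicious."""
    image = event["image"]
    name = ntpath.basename(image).lower()
    parent = ntpath.basename(event["parent_image"]).lower()
    in_profile = bool(PROFILE_RE.match(image))
    reasons = []
    # Signal 1: the Java runtime launched a binary stored in a user profile.
    if in_profile and parent in JAVA_PARENTS:
        reasons.append("java-spawned executable in user profile")
    # Signal 2: a security-product name on a binary in a user profile,
    # where installed security products do not normally live.
    if in_profile and any(hint in name for hint in AV_NAME_HINTS):
        reasons.append("security-product name in user profile")
    return reasons

def triage(events):
    """Map image path -> reasons, for events with at least one reason."""
    findings = {}
    for event in events:
        reasons = score_event(event)
        if reasons:
            findings[event["image"]] = reasons
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Documents and Settings\alice\NortonAV.exe",
     "parent_image": r"C:\Program Files\Java\jre6\bin\java.exe"},
    {"image": r"C:\Program Files\ExampleAV\NortonAV.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\bob\Downloads\setup.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

Only the first sample event is flagged, and it trips both signals; an ordinary user download started from Explorer and a same-named binary under Program Files are left alone.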
