Massive Facebook Spam Campaign Targets Users


Breach

Massive Facebook Spam Campaign Targets Users with Eko Malware

Eko malware is delivered through Facebook spam messages sent from infected friends' accounts. The message asks the recipient whether they are the person in the linked video; the link poses as an embedded YouTube video but actually points to a malicious site. Each message is personalized: it includes the recipient's profile picture and name, together with a link whose visible text is “xic.graphics”. Once an account is infected, it sends similar messages to its own Facebook Messenger contacts.

Once installed, Eko malware can inject advertisements into the browser and collect private information such as stored passwords, browser history, and bank account details.

References: Facebook DM Spam Campaign Targets French Users with Eko Malware | Eko Malware Targets Facebook Users | Eko Malware Is Delivered via Massive Facebook Spam


Mitigation Strategies:

  • Web filtering to prevent users from reaching malicious websites, videos, and advertisements
  • A file integrity monitoring (FIM) solution would detect any file modification or addition
  • Intrusion detection system (IDS) signatures would detect intrusions and network anomalies

Malware

Odinaff Trojan Targets Banks Worldwide

The Odinaff Trojan first appeared in January and is attacking organizations in the banking, securities, trading, and payroll sectors. It comes with custom-built malware tools to spy on networks, steal credentials, and monitor and record employees, a toolset that resembles the Carbanak Trojan.

The Odinaff Trojan is very sophisticated, and the group behind it is believed to be well-resourced and professional. It can take screenshots of the infected system and send them to its remote command-and-control server, download and execute RC4 cipher keys, and issue shell commands.

References: Carbanak-Like Odinaff Trojan Targets SWIFT, Banks Worldwide | The Odinaff Trojan Hits Banks Worldwide, Monitors Networks and Steals Data | Odinaff: New Trojan Used in High Level Financial Attacks

Mitigation Strategies:

  • Mail filtering would scan incoming attachments and hyperlinks for malicious links or code
  • Intrusion detection system (IDS) signatures would detect intrusions and network anomalies
  • A file integrity monitoring (FIM) solution would detect any file modification or addition
  • Log management could detect suspicious user account activity
  • A Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management, and advanced anomaly detection

Top 20 Malicious IP Addresses

109.234.36.39
188.118.2.26
118.170.130.207
81.183.56.217
46.109.168.179
183.60.48.25
114.44.192.128
162.222.194.12
87.222.67.194
101.18.48.50
74.208.12.145
188.227.75.149
110.154.188.40
123.31.34.16
110.78.170.210
103.228.65.77
103.212.143.185
104.36.179.90
190.147.160.32
45.76.145.77

*IP addresses provided by Recorded Future.
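The mitigation lists above mention IDS signatures and log management as the controls that would surface traffic to known-bad infrastructure. As an added example (not part of the original newsletter and not code from Recorded Future), the script below loads the 20 addresses listed on this page as a blocklist, validates each entry, and scans firewall log lines for outbound connections to any of them, grouping the internal hosts that made contact so an analyst can triage them. The log format (`src=`/`dst=`/`dport=`/`action=` key-value pairs) and the sample lines are constructed for the example; adapt the regular expression to your own firewall's export format.

```python
"""Match outbound connection logs against the newsletter's malicious IP list."""
import ipaddress
import re
from typing import Dict, Iterable, List, NamedTuple, Set

# The 20 addresses listed on the page (attributed there to Recorded Future).
MALICIOUS_IPS = (
    "109.234.36.39", "188.118.2.26", "118.170.130.207", "81.183.56.217",
    "46.109.168.179", "183.60.48.25", "114.44.192.128", "162.222.194.12",
    "87.222.67.194", "101.18.48.50", "74.208.12.145", "188.227.75.149",
    "110.154.188.40", "123.31.34.16", "110.78.170.210", "103.228.65.77",
    "103.212.143.185", "104.36.179.90", "190.147.160.32", "45.76.145.77",
)

# Constructed sample log lines in a generic key=value firewall format (not real traffic).
# Internal hosts use RFC 1918 space; benign destinations use documentation ranges.
SAMPLE_LOG = """\
2016-10-07T09:12:01Z src=10.0.5.23 dst=203.0.113.8 dport=443 action=allow
2016-10-07T09:12:04Z src=10.0.5.23 dst=188.118.2.26 dport=80 action=allow
2016-10-07T09:13:10Z src=10.0.7.9 dst=45.76.145.77 dport=443 action=allow
2016-10-07T09:13:15Z src=10.0.7.9 dst=198.51.100.4 dport=53 action=allow
2016-10-07T09:14:00Z src=10.0.5.23 dst=188.118.2.26 dport=8080 action=deny
2016-10-07T09:14:30Z src=10.0.9.1 dst=not-an-ip dport=80 action=allow
"""

# Hypothetical log layout assumed for this example: timestamp, then src/dst/dport/action.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+action=(?P<action>\w+)"
)


class Hit(NamedTuple):
    timestamp: str
    src: str
    dst: str
    dport: int
    action: str


def load_blocklist(entries: Iterable[str]) -> frozenset:
    """Normalize each entry to a canonical IP string; silently drop malformed ones."""
    valid: Set[str] = set()
    for entry in entries:
        try:
            valid.add(str(ipaddress.ip_address(entry.strip())))
        except ValueError:
            continue  # a typo in the blocklist should not abort the scan
    return frozenset(valid)


def scan_log(text: str, blocklist: frozenset) -> List[Hit]:
    """Return every line whose destination is on the blocklist.

    Denied connections are kept as well: a blocked attempt still shows that the
    source host tried to reach known-bad infrastructure and deserves a look.
    """
    hits: List[Hit] = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # unrelated or malformed line
        try:
            dst = str(ipaddress.ip_address(match.group("dst")))
        except ValueError:
            continue  # unparsable destination field; skip rather than crash
        if dst in blocklist:
            hits.append(Hit(match.group("ts"), match.group("src"), dst,
                            int(match.group("dport")), match.group("action")))
    return hits


def hosts_by_indicator(hits: Iterable[Hit]) -> Dict[str, Set[str]]:
    """Group internal source hosts by the malicious destination they contacted."""
    grouped: Dict[str, Set[str]] = {}
    for hit in hits:
        grouped.setdefault(hit.dst, set()).add(hit.src)
    return grouped


if __name__ == "__main__":
    blocklist = load_blocklist(MALICIOUS_IPS)
    for indicator, hosts in sorted(hosts_by_indicator(scan_log(SAMPLE_LOG, blocklist)).items()):
        print(f"{indicator}: contacted by {', '.join(sorted(hosts))}")
```

Exact-match lookup is deliberate here: the page publishes single addresses, not ranges, so a CIDR or prefix match would widen the alert scope beyond what the intelligence supports. Feed the script a real export and the `hosts_by_indicator` output gives the per-host list to hand to incident response.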