Backdoor Distributed as Facebook Messenger Application

Status
Not open for further replies.

Jack

Administrator
Thread author
Jan 24, 2011
New rogue emails posing as official Facebook communications lead users to a website distributing a backdoor as an application called Facebook Messenger.

The emails bear a subject of "[user] listed you as his uncle" and make use of the real template corresponding to real Facebook notifications.

The body message informs recipients of several pending actions, including a friendship request, and includes a www.facebook.com link that actually points to a third-party website.

The rogue page advertises a program called Facebook Messenger, which, according to its description, is supposed to be an "app for quick access to messages from your Facebook account."

The screenshots presented on the page are taken from an Android phone, but the file served for download is an executable called FacebookMessengerSetup.exe, not an .apk Android package.


According to researchers from Trend Micro, the file is an installer for BKDR_QUEJOB.EVL, a backdoor that opens a connection on TCP Port 1098 and listens for commands.

The backdoor allows attackers to update the malicious file, download and run other malware applications, and launch certain processes. Information about the infected system, such as installed antivirus products and OS version, is gathered and sent to an SMTP server.

More details - link
 
I imagine many fell victim to this; hopefully, if they had an AV working and up to date, it prevented it.
 
It will look convincing that you are on a legit Facebook site with a Messenger to be downloaded.
 