Trojan stole over 16,000 Facebook credentials

This is an article reposted from Help Net. If you’re a Facebook game-player, especially if you play Zynga Poker’s Texas Hold’Em Poker, you and your computer may be a victim of the Trojan malware discussed below.

ESET [an IT security company] discovered a social engineering Trojan horse that managed to steal the login credentials of more than 16,000 Facebook users.
The ‘PokerAgent’ Trojan targeted Zynga Poker, the most popular online poker site in the world. Zynga Poker hosts the Texas Hold’Em Poker App for Facebook. According to APPData, the game has more than 35 million active monthly users.
Specifically, the malware was designed to steal users’ Facebook login details and link them with user information for the online poker game. ESET first began studying the Trojan in early 2012. However, thanks to proactive generic detection of this threat, ESET users were protected against the Trojan as early as December 2011.

Because ‘PokerAgent’ was most active in Israel, ESET contacted the Israeli CERT as well as the Israeli police in early 2012. Because of the ongoing investigation, ESET was not able to publicly disclose any details about the threat. However, in addition to working with the Israeli CERT team, ESET notified Facebook, which took immediate preventive measures to protect its members and thwart future attacks on the hijacked accounts.
The attacker used the malware to gain access to the users’ Facebook login credentials, their game scores, information on the number of credit cards stored in their Facebook settings, and their ability to buy more online credit. The game’s functionality allowed credit card and PayPal payment to be used to increase chip value.
In cases where the user wasn’t using a credit card, or had a low game score, the infected computer received instructions to infect the victim’s Facebook profile with a link to a phishing site. That site then acted to directly, or indirectly, lure the player’s friends to a website resembling the official Facebook homepage where, if they input their login credentials, the attacker harvested their information.
In order to gain login credentials, the attacker used a botnet army of 800 computers–all infected and controlled by the attacker using a command and control server.
One way to protect against a phishing attack is to pay attention to the page address or URL. “To protect against attacks relying on social engineering methods, having a good security solution is not enough, users should be attentive to any such ploys,” said Robert Lipovsky, ESET security intelligence team lead. “The user could recognize the fake Facebook login page if they checked the site’s URL.”
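The URL check described above, written out as an added example (not part of the original article or of ESET's tooling): it parses a link the way a browser does and accepts it only when the host really is facebook.com or one of its subdomains. The trusted-domain constant, the reason strings and the sample URLs are constructed for illustration.

```javascript
// Added example: decide whether a link really points at Facebook's login page.
// TRUSTED_DOMAIN and every sample URL below are assumptions made for illustration.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: same host extraction as the address bar
  } catch (e) {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  // Text before "@" is a username, not the site; the real host comes after it.
  if (url.username || url.password) return { ok: false, reason: "userinfo-in-url" };
  const host = url.hostname.replace(/\.$/, ""); // lowercased by the parser
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "trusted-host" };
  }
  // Internationalised look-alike letters are converted to xn-- labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-label" };
  }
  // The brand name appearing somewhere in the host does not make it Facebook's.
  if (host.includes("facebook")) return { ok: false, reason: "brand-in-untrusted-host" };
  return { ok: false, reason: "untrusted-host" };
}

// Constructed sample links (the .example TLD is reserved and never resolves).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://www.facebook.com.account-check.example/login.php",
  "https://facebook.com@account-check.example/login.php",
  "https://f\u0430cebook.com/login.php", // Cyrillic "а" in place of Latin "a"
];

for (const link of SAMPLES) {
  const verdict = checkLoginUrl(link);
  console.log(`${verdict.ok ? "OK  " : "STOP"} ${verdict.reason.padEnd(24)} ${link}`);
}
```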
ESET estimates that the ‘PokerAgent’ Trojan potentially gained access to a total of 16,194 login credentials and that, in addition to Texas Hold’Em Poker on Zynga Poker, other Facebook applications could have been similarly infected.
The number of threats utilizing Facebook is rapidly growing. More than 11.5 million Americans were victims of identity fraud in 2011, according to Javelin Strategy & Research. Social media is also a growing factor in the threat landscape with nearly five percent of Facebook users reporting some degree of identity theft.

Reference: Help Net Security article

Be very careful…it’s dangerous out there.


Remember, personal computing is a blast…keep it productive and enjoyable.

Best regards,



I’m also on Twitter, @PaulsInternet.
