On the morning of 26th June, news of a phishing campaign hit the
Israeli media. Thousands of Facebook users complained that they had been
infected by a virus through their accounts after they received a message
from a Facebook friend claiming they had mentioned them in a comment.
Kaspersky Lab decided to investigate. We quickly discovered that the
message had in fact been initiated by attackers and unleashed a
two-stage attack on recipients. We also found that the attack was not
confined to Israel, but was hitting targets worldwide.

The first stage of the attack started when the user clicked on the
“mention”. A malicious file seized control of their browsers,
terminating their legitimate browser session and replacing it with a
malicious one that included a tab to the legitimate Facebook login page.
This was designed to lure the victim back into the social network site.