There’s a new password-swiping virus spreading on Facebook, and once again the malware preys on the social trust accrued by the network.
Over 800,000 people have already been affected by the virus, which looks like a video sent by a friend. Once someone clicks on it, they are routed to a website that tells them they need to download a plug-in to watch the video.
And if they download the plug-in is when trouble starts. The download gives the malware creators access to a user’s password, often for email as well as Facebook and Twitter. This gives the attacker the ability to pretend to be their victim, potentially wringing more personal information out of their accounts. This is how the virus spreads; since the attackers have access to the infected accounts, they use those handles to reach out to other victims, spreading the video.
Carlo de Micheli, one of the researchers, told the New York Times that instances of the attacks were growing rapidly, with 40,000 new cases an hour.