We recently discovered a configuration of the Citadel malware that targets Facebook users with a a fake request for donations to children’s charities in order to steal credit card data.
After users have logged into their Facebook account, the Citadel injection mechanism displays a pop up that encourages the victim to donate $1 to children who “desperately” need humanitarian aid. Then, it asks users to fill in their credit card details. The malware is configured to deliver the attack based on the user's country/language settings, with web-injection pages in five different languages: English, Italian, Spanish, German and Dutch.
In an interesting twist, the criminals do not reuse the same text for every language. Instead, they have customized each attack based on the victim’s country and/or region.
More at the link: http://www.trusteer.com/blog/malware-targets-facebook-users-children%E2%80%99s-charity-scam
Forgot to post the link.
Edited by herg62123, 25 July 2012 - 01:09 AM.