Security firm Trusteer said Wednesday that it has identified a new browser-based malware attack against Facebook users that aims to steal money through the e-cash payment system Ukash.
Amit Klein, CTO at Trusteer, says this new variant of the Carberp Trojan tries to steal money by tricking victims into divulging payment information for the Ukash electronic voucher payment system.
According to Trusteer, the Carberp botnet malware works by replacing any Facebook page the user navigates to with a fake page that tells the victim the Facebook account is "temporarily locked." The fake page asks for personal information, such as name, e-mail, date of birth, password and a Ukash 20 Euro (about $25) voucher number, to "confirm verification" of the victim's identity and unlock the account.
This fake Facebook page then claims the cash voucher will be "added to the user's main Facebook account balance." This scam, says Klein, is the first spotted so far related to Facebook and the Ukash payment system, and Facebook users should recognize it and be wary if they see it.
"You should always be suspicious of odd or unconventional requests," Klein says.