[Gen:Variant.Downloader.167] Trojan being shared via Facebook messages

Gen:Variant.Downloader.167

Five days ago, an anonymous person uploaded a sample of the Gen:Variant.Downloader.167 trojan to the VirusTotal website. The file that held the malware was named ‘neli_pantea923e7a54.zip’. Security researchers from Bitdefender have warned that the trojan is infecting hundreds of computers via malicious Facebook messages.

The malware uses friendly messages so that the user will not suspect a malicious request. The examples below show how the malware is being spread:

  • I want to post these pictures on Facebook, do you think it’s OK? [link]
  • I want to share these pictures on Facebook, but i am not sure.. [link]
  • I just made these pictures for my boyfriend, do you think they are oke? [link]

Polite malware

Be wary of messages on social media, as they can easily be turned into malicious messages. Cybercriminals who use these types of schemes will always try to infect unaware users. We made a list of tips on how you can stay safe on the internet. Use this guide to secure your social media accounts.

The cybercriminals are using Gen:Variant.Downloader.167 because it allows them to harvest confidential data such as:

  • usernames
  • passwords
  • banking credentials
  • e-mails

According to the report, the highest rates of infection can be found in:

  • Romania
  • Germany
  • Canada
  • United States
  • United Kingdom
  • France
  • Denmark

Reporting malware

There is one problem when trying to report posts that link to malware to Facebook: you cannot mark anything as malware, and you cannot add any comments. As a result, whether anything is done with a report depends on whether the helpdesk employee understands why you reported the post (in this picture it is, of course, obvious, because the name of the malware is included).