The cybercriminals use a Citadel Trojan that displays pop-ups encouraging users to donate money to children in need of humanitarian aid.
In order to donate money, Facebook users are asked to fill in their credit card details. This particular malware is able to attack unsuspecting users based on their country and language settings.
The malware displays the fake charity donation requests in five different languages: English, Italian, Spanish, German and Dutch.
Trusteer notes that the criminals do not use the same text for each language and have customised each attack to fit a user’s country or region.
In the English version of the attack, scammers ask users to make a $1 donation for impoverished Haitian children. The scammers then ask users to fill out a form detailing their name, card number, expiration date, CVV and even their security password.
In the Dutch version of the attack, the cyber criminals have even pretended to be part of the internationally known charity, Save the Children.
Amit Klein, CTO of Trusteer, says the method used by the scammers is well designed.
"This attack illustrates the continuing customization of financial malware and harvesting of credit card data from the global base of Facebook users", says Klein. "Using children’s charities as a scam makes this attack believable and effective. Meanwhile, the one dollar donation amount is low enough that virtually anyone can contribute if they choose. This is a well-designed method for stealing credit and debit card data on a massive scale."