Carberp Trojan stealing Ukash e-cash vouchers

Jan 25, 2012

The Carberp Trojan is targeting Facebook users in an attempt to steal login credentials.
Carberp allows its developers to anonymously exploit Facebook users who use Ukash e-cash
vouchers. Carberp replaces a user Facebook page and redirects (using a MitB attack vector)
the user to a fake page notifying the user that their Facebook account is locked. The user is
asked for personal information including a Ukash 20 Euro to unlock the account. The page
claims the e-cash voucher will be added to the Facebook account; however it is transferred
to the Carberp bot master which then uses it to convert into cash. Ukash like most e-cash
voucher systems offers anonymity, so it’s easy for the fraudsters to sell the e-cash vouchers
anywhere anytime without being traced.

Source: ID Theft Protect

Recommended From Hakin9


The New Frontier of Scamming: How Real-Time Bidding is Fueling Fraud

This happened in Australia. A citizen recently received a text message....










Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023