Facebook Token Hijacker

Facebook Token Hijacker is a malware infection that posts messages on its victim's Facebook walls and creates events designed to attract the victim's Facebook friends in order to spread from one computer to another. Facebook Token Hijacker will send out invites to the victim's Facebook friends in order to spread additional malware. There are several variants of Facebook Token Hijacker, all spread on social networks through several kinds of social engineering techniques. The Facebook Token Hijacker version that has captured the attention of malware researchers uses an advertisement that promises a free pair of UGG boots to its victims. The reason why this version of Facebook Token Hijacker has attracted attention from malware analysts is that Facebook Token Hijacker has obfuscation techniques that have allowed Facebook Token Hijacker to circumvent current anti-malware measures.

Even though Facebook Token Hijacker uses sophisticated obfuscation techniques, Facebook Token Hijacker still requires the victims themselves in order to spread from one computer to another. To do this, Facebook Token Hijacker posts advertisements for free UGG boots. When a computer user clicks on this fake 'special offer', the computer user is required to enter their access token in order to access the Facebook application. Using this information, Facebook Token Hijacker then takes over the victim's Facebook account and uses it to spread by displaying additional advertisements on the victim's Facebook wall. As part of its attack, Facebook Token Hijacker will create a performance and bring on all of the victim's friends.

How Facebook Token Hijacker Differs from Conventional Social Network Phishing Attacks

Conventional social network phishing attacks have traditionally had trouble circumventing Facebook's Identity and Access Management Controls. While they save the victim's login information in order to use it later, a lot of times they will not be capable of accessing the victim's account due to the lack of an access token. However, Facebook Token Hijacker goes straight for the access token, allowing criminals to continue spreading this malware infection from one computer immediately after an infection. It is important to note that the goal of Facebook Token Hijacker is not to monetize from UGG advertisements or these kinds of scams, but to obtain computer users' Facebook credentials in order to spread from one computer to another. By casting a wide net, criminals can then combine these attacks with other malware and known scams in order to spread other, more destructive malware.