TROJ_FEBUSER.AA

The TROJ_FEBUSER.AA Trojan is a fake Web browser extension that is used to hijack social media accounts. TROJ_FEBUSER.AA is installed when the computer user downloads a fake video player update. This is a typical way in which malware is distributed; a computer user clicks on a video on an unsafe website (for example, a pirated movie streaming site or a website with pornographic material) and a dialog appears to claim that it is necessary to download a video code or an update for the victim's video player. The video player 'update' turns out to be TROJ_FEBUSER.AA or another malicious file. One of the main problems associated with TROJ_FEBUSER.AA that has caught the attention of PC security researchers is that this threat is digitally signed, making TROJ_FEBUSER.AA more effective than other threats for attacking inexperienced computer users.

The TROJ_FEBUSER.AA Hijacks Social Network Accounts

The TROJ_FEBUSER.AA installs a browser extension for Chrome or Firefox and does not seem to affect Internet Explorer, Opera or Safari. The TROJ_FEBUSER.AA claims to be a 'service pack' for the affected Web browser and references the security company F-secure. Once TROJ_FEBUSER.AA has been installed, TROJ_FEBUSER.AA connects to a remote server to receive configuration data. The main purpose of this is to allow the TROJ_FEBUSER.AA to hijack the victim's social network accounts. TROJ_FEBUSER.AA attacks may be used to hijack accounts on Facebook, Google+ or Twitter. TROJ_FEBUSER.AA may take over the account to like pages, join groups, share posts, invite friends, update statuses and post comments, essentially giving a third party full control over the victim's social media accounts. TROJ_FEBUSER.AA attacks may force the victim to spread malware through malicious links sent out to their social media contacts.

TROJ_FEBUSER.AA Presents Itself as a Necessary Update

One of the main concerns about TROJ_FEBUSER.AA is that the fake video player update that is used to distribute this threat is digitally signed. This means that computer users may believe that the malicious file is actually distributed by a legitimate party. However, digital signatures can be forged, stolen or altered, meaning that computer users should be careful even if their software is digitally signed. Due to the fact that TROJ_FEBUSER.AA takes the form of a malicious browser extension, ESG malware researchers counsel computer users to install browser extensions from legitimate sources that have been fully approved by their Web browser's manufacturer.