Researchers: Malware app infecting thousands of Facebook accounts

Hackers have successfully infiltrated tens of thousands of Facebook accounts by targeting users with malware disguised as a painting application, security researchers say.

According to data security firm Radware, hackers are using the malware to harvest user credentials, payment methods and other information stored on Facebook accounts across the world.

The malware masquerades as a painting application called Relieve Stress Paint and had infected more than 40,000 Facebook user accounts in a matter of days, the firm said Wednesday. 

{mosads}The revelation could create a new headache for Facebook, which has been under scrutiny for its data privacy practices following news that Cambridge Analytica improperly harvested data on some 87 million of its users. CEO Mark Zuckerberg testified before Congress on the issue last week.

Facebook said it is currently investigating the malware issue. 

“We are investigating these malware findings and we are taking steps to help protect and notify those who are impacted,”Facebook communications manager Pete Voss told The Hill. 

According to Radware, hackers are targeting Facebook users through phishing emails or directly through their Facebook accounts, then directing them to a fraudulent website where they are prompted to download the malicious application.

Once downloaded, the application runs a malware called Stresspaint in the background, allowing hackers to steal user credentials and use those to collect additional data on the accounts, such as the number of friends a user has or any payment method that may be stored on the account. 

The researchers, who discovered the malicious activity last week, say that the high infection rate of the malware indicates that it was developed professionally.

“Within a few days, the group had infected over 40,000 users,” Radware said in a blog post. “The group is specifically interested in users who own Facebook pages and that contain stored payment methods. We suspect that the group’s next target is Amazon as they have a dedicated section for it in the attack control panel.”

This post was updated at 4:45 p.m. to reflect a comment from Facebook.