A trojan that specifically harvested Facebook login credentials managed to steal more than 16,000 credentials.
Once the details were collected, the attacker programmed the trojan to log into Facebook accounts and steal data: Zynga Poker stats and the number of stored payment methods.
According to Eset, Facebook users specifically in Israel were targeted.
The trojan sought only active accounts, which it defined as those with a high player rank and stored credit cards. Eset speculated this data could later be exploited by attackers or on-sold to other fraudsters.
In the case of a user without a credit card or with a low score, the infected computer received instructions to infect the victim's profile with a link to a phishing site that lured the player's friends to a website resembling the Facebook home page, where login credentials were harvested again.
Eset security intelligence team lead Róbert Lipovský said that unlike other trojans spreading through Facebook, this trojan does not log into or in any way interfere with the Facebook account of the user that is infected.
Instead, the botnet serves rather as a proxy, so that the illegal activities are not carried out from the perpetrator's computer.