{
	"id": "e463dfd6-9b32-4e92-b8e0-93628d3f2966",
	"created_at": "2026-04-06T00:13:52.225571Z",
	"updated_at": "2026-04-10T13:12:01.498249Z",
	"deleted_at": null,
	"sha1_hash": "5bd38b7ebf7ce239188171c5abcbd21a152fa839",
	"title": "Tens of thousands of Facebook accounts compromised in days by malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 80252,
	"plain_text": "Tens of thousands of Facebook accounts compromised in days by\r\nmalware\r\nBy Dan Goodin\r\nPublished: 2018-04-18 · Archived: 2026-04-05 19:49:51 UTC\r\nStealth\r\nThe malware was designed to copy the credentials in a way that wouldn’t be detected by antivirus programs. The\r\ncopying process, for instance, remained active for less than one minute. The malware didn’t steal general\r\ncredentials, and it copied cookies and saved passwords by querying copies of the original cookies and LoginData\r\nfiles rather than through other means.\r\nIt remains unclear precisely what the attackers did with data they obtained. Possibilities include selling the data in\r\ncriminal forums, using it for identity theft or espionage, or using the payment data to buy goods or services on e-commerce sites.\r\nMore than five days earlier this week, the malware managed to infect nearly 34,000 computers in two dozen\r\ncountries.\r\nCredit: Radware\r\nCredit: Radware\r\nSince then, more than 6,000 more infections have occurred.\r\nAnyone who may have been infected by this malware should immediately change their password and should also\r\ncheck the security and login section of their Facebook settings for logins by unrecognized computers. It’s always a\r\ngood idea to protect accounts with multifactor authentication, but it’s not yet clear if that protection would have\r\nhttps://arstechnica.com/information-technology/2018/04/tens-of-thousands-of-facebook-accounts-compromised-in-days-by-malware/\r\nPage 1 of 2\n\nprevented attackers in this campaign from accessing compromised accounts. Because the malware stole both\r\npasswords and cookies, it’s possible the cookies allowed the attackers to bypass the protection.\r\nIn a statement, Facebook officials wrote: “We are investigating these malware findings and we are taking steps to\r\nhelp protect and notify those who are impacted.” A spokesman said it wasn’t yet clear what effect the attacks had\r\non accounts protected by multifactor authentication.\r\nThis ability to infect 40,000 users and compromise tens of thousands of accounts indicates the malware was\r\ndeveloped professionally. It wouldn’t be surprising to see this group strike again. Radware’s blog post is here.\r\nSource: https://arstechnica.com/information-technology/2018/04/tens-of-thousands-of-facebook-accounts-compromised-in-days-by-malware/\r\nhttps://arstechnica.com/information-technology/2018/04/tens-of-thousands-of-facebook-accounts-compromised-in-days-by-malware/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://arstechnica.com/information-technology/2018/04/tens-of-thousands-of-facebook-accounts-compromised-in-days-by-malware/"
	],
	"report_names": [
		"tens-of-thousands-of-facebook-accounts-compromised-in-days-by-malware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434432,
	"ts_updated_at": 1775826721,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5bd38b7ebf7ce239188171c5abcbd21a152fa839.pdf",
		"text": "https://archive.orkl.eu/5bd38b7ebf7ce239188171c5abcbd21a152fa839.txt",
		"img": "https://archive.orkl.eu/5bd38b7ebf7ce239188171c5abcbd21a152fa839.jpg"
	}
}