Adservice: Trojan that steals information from Facebook

A new Trojan has recently been discovered. This is AdService, which steals information from Facebook and Twitter accounts. Furthermore, it is distributed silently through adware packages. Packages that are normally installed through extensions or programs as false system optimizers.

AdService: Trojan that steals information from Facebook

AdService uses the Google Chrome DLL hijacking to be able to load when the browser is launched. This is that when a program is run it needs to load a certain DLL. It may be the case that you specify the DLL you want to load and let Windows find it. It is in this case that malicious DLLs are placed by the malware.

(iStockphoto)

IT15-fB-032916-istock

March 23, 2014: Facebook on an iPhone home screen drawing focus to the Facebook app and the accompanying Messenger app.

AdService Trojan

In the case of the AdService Trojan it has been placed in a malicious version of winthpp.dll. So when the user starts Google Chrome, they encounter the problem. And then the malicious winthpp.dll is loaded. The Trojan then connects to a remote site and will send and receive information. Then, you will try to connect to Facebook and / or Twitter to steal information from the user's profile.

Such information can go from the user's name, to their email or their password. The good part of all this problem is that AdService is detected by most of the security providers. A total of 45 of the 64 security providers manage to detect it.

Therefore, keeping the computer and our antivirus updated is a good way to prevent possible attacks by this Trojan. And in this way, face this potential threat.