EXECUTIVE SUMMARY:

A Trojan disguised as a stress-relieving paint tool infected 40,000 PCs and compromised tens of thousands of Facebook accounts between April 12 and 16.

‘Relieve Stress Paint Tool’ appears to be an actual paint program that lets you play with colors and line size with each click. But as Dan Goodin from Ars Technica explains, “Behind the scenes, it copies Chrome data that stores cookies and any saved passwords for previously accessed Facebook accounts.”

The malware continues to copy Facebook credentials each time the paint program is opened or the computer is rebooted. It then sends that data to a command-and-control server. Adding to the malicious activity, Goodin reports, “The interface also compiled any payment details tied to an account, the number of friends the account had, and whether the account was used to manage a page.”

Further exploration of the command server’s interface also revealed a section for viewing Amazon account credentials; however, that section was still empty. According to Goodin, this leads researchers to believe the hackers have not yet enabled code to compromise Amazon accounts.

Get the full story at Ars Technica.