Facebook works with Greek police to take down Lecpetex, a botnet affecting 50,000 Facebook accounts and 250,000 computers worldwide. Victims receive a private message with an executable file in a .zip folder. When run, the program harvests login credentials or uses the computer’s power to mine cryptocurrency. The botnet is able to infect so many people because it constantly changes to evade Facebook’s threat detection measures:
"Over the last seven months we saw the botnet operators experiment with different social engineering tactics, including embedding Java JAR files, using Visual Basic Scripts (VBS), and creating malformed ZIP archives and Microsoft Cabinet files (CAB) . . . The files used in the spam messages were also refreshed frequently to evade anti-virus vendor detection."