Stress Relief App Infects Facebook Users With Malware

Is digital painting and coloring just as relaxing as ‘regular’ painting and coloring? Perhaps it is. But if you want to try it yourself, you’d be better off using Adobe Photoshop or GIMP than installing the malicious ‘Relieve Stress Paint’ app from a link you got through Facebook.

Like lots of people, I have a collection of trendy adult coloring books. It is quite relaxing to sit on the couch, open a coloring page, get out my crayons, and color mindlessly. I also enjoy painting things. I’ve found decorative sculptures that were being thrown out at the home decor store my friend works at, and I’ve painted them with my own designs. It’s quite soothing and satisfying, unlike getting targeted with malware.

What is ‘Relieve Stress Paint?’

Users should already be concerned about how the fun applications they find through Facebook use or abuse their data, in the wake of the Cambridge Analytica scandal. The political marketing firm often got information from Facebook users through novelty quizzes and the like.

‘Relieve Stress Paint’ isn’t an app that’s embedded in Facebook though. Rather, cyberattack targets received links to download the malicious application through Facebook messages or email. The cyber attackers exploited the perceived legitimacy and integrity of Facebook and AOL’s brands to transmit their Trojan.

The hyperlink for the ‘Relieve Stress Paint’ download webpage reads ‘’ in Unicode characters, which the web browser resolves to ‘xn—’ in Punycode. Very clever!

Targets who download and install ‘Relieve Stress Paint’ do indeed get an application that can be used for painting with a UI and features quite similar to Microsoft Paint. What they didn’t know is that in the background, ‘Relieve Stress Paint’ exploits the target’s Facebook account used on the machine in order to acquire sensitive Facebook session cookies, (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Kim Crawley. Read the original post at: