Cybercriminals have developed a custom piece of malware that injects itself into your Facebook session and prompts you to donate to a charity for sick children. The scammers’ goal is to make off with your personal data, especially your credit card number. 

Security researchers have discovered a new variant of the Citadel malware that injects itself into your Facebook webpages and demands that you make a donation to a fake charity for sick children. Please be warned: there are no children charities that will ask you for a donation via Facebook. There are, however, individuals very interested in stealing your credit card number and other personal information (note: this is not the first time Facebook users are specifically being targeted, and it certainly won’t be the last), ZDnet reported.


Once your computer is infected with the malware, it quickly adds itself into your Facebook session.  After you log into your Facebook account, the Citadel injection mechanism displays a pop up that encourages you to donate $1 to children who “desperately” need humanitarian aid. Next, it asks you for your name, credit card number, expiration date, CVV, and security password.