A targeted online attack designed to steal credit card details from Facebook users in five different countries has been discovered.
A modified version of the Citadel malware posts a fake Facebook request for donations to children's charities in English, Italian, Spanish, German and Dutch, depending on the user's country.
The Citadel Trojan was created by hackers and sold to criminals for $2,500 (£1,600), plus fees for additional plug-ins. It was taken off the open market following investigations by law enforcement.
Facebook displays a pop-up advert that encourages victims to donate $1 to children who need humanitarian aid and asks users to fill in their credit card details.
Amit Klein, CTO of Trusteer - the security vendor which identified the problem - said it was an interesting twist that the criminals did not reuse the same text for every language. Instead, each attack was customised based on the victim's country.
"This attack illustrates the continuing customisation of financial malware and harvesting of credit card data from the global base of Facebook users", Klein said.
"Using children's charities as a scam makes this attack believable and effective. Meanwhile, the one dollar donation amount is low enough that virtually anyone can contribute if they choose. This is a well-designed method for stealing credit and debit card data on a massive scale."
The five different adverts include supposed appeals for the Save the Children and ChildFund charities, collections for Haitian children living in poverty, the Red Balloon campaign highlighting infant mortality and a child nutrition program in Spain.
Click on the slideshow above to see how the scammers implemented the Citadel Trojan in various languages.