A new attack spotted on virtual world Habbo Hotel is causing researchers to worry.
The phishing operation attempts to steal user account names and details from the popular teen online world.
Like other phishing sites, the attacker creates a phony page designed to look exactly like the Habbo site, said Face Time malware research director Chris Boyd.
However, said Boyd, the attack has one unique and worrisome feature: it actually logs the user into the site.
Boyd explained that normally, phishing sites will pass the user on to an 'invalid login' screen after the details had been entered. This will often tip savvy users that they have just been phished, prompting them to access the actual site and change their details.
The Habbo phishing page, however, is embedded with a script which passes the login details to the actual Habbo Hotel site. In turn, the user is automatically logged in to the service, providing no clue that a phishing attack has occurred.
While the attack is currently limited to the Habbo Hotel service, Boyd worries that it could be used to great effect on more sensitive targets.
"If this kind of devious tactic is employed for banking phishes, it'll make it all the more crucial that end-users start to think about running Anti-Phishing programs and browsers that have built-in Phish Detectors because the stakes seem to have raised once again," he wrote.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away