The development of software -- whether for a good or evil purpose -- has been very prolific. It's a good thing that there are guardians even in the World Wide Web.
A piece of software advertising itself as a Facebook password stealer has been giving thieves a dose of their own medicine. In an unpublished report, security researchers at Sydney-based LMNTRIX Labs discovered that once the software has been downloaded and run, it drops a remote access trojan in the background after the user clicks the “hack” button. This leaves the would-be password thief vulnerable to having his own credentials stolen as well -- definitely instant karma.
The LMNTRIX researchers said the malicious software is very widespread, masquerading as “Facebook Password Stealer” or “Facebook Password Recovery.” The attackers, fully realizing the huge potential for such types of software, “are distributing the sample via spam, ad campaigns, pop-ups, bundled software, porn sites, and also sometimes as a standalone software,” the team told TechCrunch.
Apps that offer Facebook hacks already exist, but this specific malicious campaign “which uses the promise of easy Facebook password theft as bait is completely new,” they said.
Facebook malware can take many forms -- from downloads that offer to notify a user when they are unfriended to malware bots posing as a friend on Messenger. Search results for “hack Facebook account” yield pages of links to software solutions that are simple enough for the average user to understand but are probably malware-tainted.
So far, the particular threat only affects Windows desktop users, though malware that targets Facebook’s mobile subscribers cannot be dismissed. With two billion active monthly users, Facebook is a hacker’s gold mine for creators of fool-proof malware.
The researchers also found that the appeal of such malware has gone beyond typical hackers. Password-stealing apps also attract the average user who could be seriously thinking of cracking into a Facebook account either to cause damage to an enemy or to check on a significant other.
So, if you are seething with revenge or just plain curious, better think twice before you even search for that password-stealing software.
Photo by: geralt via Pixabay