Security researchers at Sydney-based LMNTRIX Labs have identified a piece of software that presents itself as a Facebook password stealer. Once downloaded, the software injects malicious code in the background, leaving the user vulnerable to having their information stolen.
According to the research team, this appeared to be a very widespread, growing and ongoing malicious campaign, with the threat actors disguising themselves as a Facebook password stealer or Facebook password recovery. The attackers seemed to be completely aware of the value of the purported service, and so they distributed the sample through spam, pop-ups, bundled software, and various other links.
People seeking help to crack into other people’s Facebook accounts are lured by the software, named Instant karma. Once it is downloaded and run on the victim’s device, a remote access trojan is dropped in the background when the hack button is pressed.
The researchers cross-referenced the contents of spoolvfax.exe with VirusTotal’s database, where they identified it as a freshly uploaded trojan. This is the kind of malware that usually thrives before being identified, because Facebook’s massive user base enables it to take any form to grow. Even a simple search for “hack Facebook account” can return pages and links that target the average user and do not require any technical expertise.
For now, this threat is limited to Windows desktop users, but targeting users through Facebook’s mobile experience is also becoming common. According to the researchers, the target market goes beyond the traditional hacker subset to average users who are interested in peeping inside other people’s Facebook accounts. Although attackers have many ways to spread their malicious code, this specific campaign, which promises easy access to a Facebook account’s password, is new to the game.
Via: TechCrunch