Ever since Facebook has seen the light of day, we have been experiencing various malware types going around the social media platform. This is nothing new, but this time it would seem that karma did come around and punished the guilty. Security researchers at LMNTRIX Labs in Sidney wrote a yet to be published report in which they identified a software that tries to pass as a Facebook password stealer, which once downloaded injects malicious code in the background, making the user prone to getting their credentials stolen.
The research team said that this seems to be very widespread and growing. They classified it as an ongoing malicious campaign where the attackers market it as ‘Facebook Password Stealer’ or ‘Facebook Password Recovery.’
The research team also commented that the attackers are savvy marketers that are aware of the potentially big demand for the service and are sending the sample of the malware via Ad campaigns, Spam, Bundled Software, Pop-ups, Porn sites and also some times as a standalone software.
LMNTRIX researchers chose to call the malware campaign Instant Karma (which certainly fits) because it lures victims who are seeking software that can crack into other people’s Facebook accounts. When you download it and run it, a remote access trojan is dropped in the background once the victim clicks on the hack button.
Before a Facebook malware gets identified and neutralized, Facebook’s massive user base makes it perfect for the malware to thrive on. Its many forms include tempting downloads that promise to notify a user when they get unfriended to malware bots that pretend to be a friend on Messenger. You only need to search for “hack Facebook account” and you will get pages and pages of links to probably malware-tainted software solutions targeting an average user that require no technical skill.
The particular malware we are writing about right now seems to affect only Windows desktop users, but Facebook’s mobile malware isn’t uncommon either. This social network, the largest one in the world, is surely a hacker goldmine if tricks like these can be leveraged successfully.
The research team said that the target market goes beyond a typical hacker subset and its target is a general user who maybe gets tempted to dive into someone’s Facebook account, like their friends’, or enemies’ or significant others’. And while there have been apps and methods for hacking into Facebook for a long time, this specific one that uses the promise of an easy road to a theft of Facebook password as a bait is a new invention.