Security researchers at LMNTRIX Labs have identified software that advertises itself as a Facebook password stealer but injects malicious code in the background once downloaded, leaving the user vulnerable to having their own credentials stolen.
The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service, and they are distributing the sample via spam, ad campaigns, pop-ups, bundled software, porn sites and sometimes as standalone software.
The malware campaign lures victims who are seeking software that can crack into other people’s Facebook accounts. Once downloaded and run, it drops a remote access trojan in the background after the victim clicks the “hack” button.
Facebook malware that offers useful (if sketchy) services often thrives thanks to Facebook’s incomparably massive user base. It can take many forms, from tempting downloads that offer to notify a user when they are unfriended to malware bots posing as a friend on Messenger. A simple search of “hack Facebook account” yields pages of results and links to all manner of likely malware-tainted software solutions, many of which are targeted toward the average user, no technical skill required.
This particular threat appears limited to Windows desktop users, though malware targeting Facebook’s mobile experience isn’t uncommon either. It’s no surprise that the largest social network in the world is a hacker goldmine if tricks like these can be leveraged successfully.