

Facebook malware is nothing new, but an emerging threat offers some unique karmic retribution. In an unpublished report, security researchers at Sydney-based LMNTRIX Labs have identified software advertising itself as a Facebook password stealer that injects malicious code in the background once downloaded, making the user vulnerable to having their own credentials stolen.

“This appears very widespread and growing,” the research team told TechCrunch. “We classified this as an ongoing malicious campaign with the threat actors actively marketing it as ‘Facebook Password Stealer’ or, more innocuously, ‘Facebook Password Recovery.’

“The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service and are distributing the sample via Spam, Ad campaigns, Pop-ups, Bundled Software, Porn sites and also sometimes as a standalone software.”

Fittingly dubbed “Instant Karma” by the LMNTRIX researchers, the malware campaign lures victims who are seeking software that can crack into other people’s Facebook accounts. Once downloaded and run, it drops a remote access trojan in the background after the victim clicks the “hack” button. The researchers cross-referenced the contents of “spoolsvfax.exe” with VirusTotal’s database, where they identified it as containing a newly uploaded trojan.

Before it is identified and neutralized, Facebook malware that offers useful (if sketchy) services often thrives thanks to Facebook’s incomparably massive user base. It can take many forms, from tempting downloads that offer to notify a user when they are unfriended to malware bots posing as a friend on Messenger.
