Facebook is one of the most popular targets for hackers. Researchers at Sydney-based LMNTRIX Labs recently came across a new Facebook password stealing malware being marketed online by cybercriminals that actually steals data from the would-be attackers rather than from their intended victims. Dubbed “Instant Karma”, the password stealing software injects malicious code in the background when it is downloaded, exposing the user’s credentials, including personal and financial information.
“This appears very widespread and growing,” the research team told TechCrunch. “We classified this as an ongoing malicious campaign with the threat actors actively marketing it as ‘Facebook Password Stealer’ or, more innocuously, ‘Facebook Password Recovery.’
“The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service and are distributing the sample via Spam, Ad campaigns, Pop-ups, Bundled Software, Porn sites and also sometimes as a standalone software.”
The malware campaign lures victims who are looking for software to hack into other people’s Facebook accounts. Once the victim clicks the “hack” button, the program downloads and runs, and also drops a remote access Trojan (RAT) in the background.
Currently, the password stealing malware is limited to Windows PC users, although it’s not uncommon to see similar malware targeting mobile users, the researchers said.
“The target market goes beyond a typical hacker subset (if there is such a thing) and targets the general user who may be tempted to get inside someone’s Facebook account (friends, enemies, significant others, et al.),” the researchers told TechCrunch. “While there have been methods and apps offering Facebook hacks, this specific malicious campaign which uses the promise of easy Facebook password theft as bait is completely new.”