![]() ![]() ![]() ![]() My colleague Sarah Calaunan also uncovered another hacking tool for Facebook being peddled on the site below: Trend Micro detects the rogue program as SPYW_FAKEHACK, while the dropped file "Toolbar.exe" as ADW_PLUGIN. If the hacking tool failed to download the third party app, the program would instead display the following error prompt: The said third party app is a legitimate password recovery, but was used maliciously in this attack. Thus, the retrieval of the credentials will only work for users who have passwords stored in their systems. Since the key was already provided, the program now shows the following:īut how did the program obtain these? Simple: the program downloaded and used a free third party application, designed to recover and display saved passwords in the users' local browser cache. If users opt to buy a product key, they are reverted to the site Once purchased, users are again required to encode the email address or Facebook ID. Now for the interesting part: to acquire password, users must purchase a product key, which costs US $29.99. After 2-5 minutes, it informs users that the desired password has been found: To appear legitimate, the program even shows a window to indicate that the request is in progress. Once installed, it displays a window that requires users to encode the email address or Facebook ID of their target Facebook account: Installing the setup file drops the malicious file "Toolbar.exe" in the users’ temporary folder without their knowledge. Based on our analysis of the setup file, it behaves like an ordinary installer that displays an end-user license agreement (EULA) and gives users the option to save the program in their preferred folder. When I checked, the file is supposedly capable of obtaining Facebook passwords. While monitoring our Smart Protection Network™ data, we noticed a suspicious file from the website From the looks of the domain name, it suggests that it hosts a hacking tool for the social networking site Facebook. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |