A new application that allows Facebook users to access other people’s accounts has been described as a “dangerous scam” – although you probably don’t need to be a cyber security expert to realise that!
The shady app is aimed at suspicious partners but they could be the ones who end up being blackmailed.
The app which is known as Facebook Password Stealer or Facebook Unlocker claims to be able to reveal the login details for any Facebook account but the immoral software is purely a means of obtaining the user’s personal details.
The hacking tool, which obviously doesn’t work, asks for the URL of the “target account”. Where the users’ fall victim is when they are asked to enter their own email or phone number.
Alarmingly, it also requests the password.
The information is then made available on the dark web where any cybercriminals can access it.
It was researchers at LMNTRIX Labs who discovered versions of the application that infects users’ devices with a remote access trojan (RAT).
“The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service and are distributing the sample via Spam, Ad campaigns, Pop-ups, Bundled Software, Porn sites and also some times as a standalone software,” researchers told TechCrunch.
Meanwhile, malware experts MalwareHunterTeam explained on Twitter how the spoof password unlocker works: “When you click on the “Make it Ra1n” button, it will send your credentials to the creator of the tool.”
“Obviously it won’t unlock anything.”
However, as one user on Twitter pointed out: “the crook’s app does everything it promises to do, but it just hacks your account – not the target one.”