Short Bytes: Your desire to master the art of Facebook hacking can harm you in a big way. Recently, a variant of Remtasu malware has been spotted in the wild that can hack your Facebook, instead of your friend’s account. Surprisingly, this malware always finds a way to remain on the system even after the victim reboots the system or tries to locate the threat in the list of active processes.
A new Facebook hacking tool has been spotted in the wild that can actually hack Facebook accounts. However, if you try to use this tool to hack someone’s Facebook account, you might end up becoming its victim.
This hacking tool is a disguised version of a Windows-based trojan whose reach has grown rapidly over the last year. The malware now uses social engineering tactics to target people who are looking for ways to hack others’ Facebook accounts. This finding was recently published by the security firm ESET in a blog post.
How is the Remtasu Facebook hacking tool spreading?
This Win32/Remtasu.Y malware reaches your machine when you search for things like “how to hack Facebook account?”. As a result, you may end up downloading this Facebook hacking tool, which can hack your own account.
Talking about different ways by which this trojan spreads, ESET writes, “we are no longer seeing propagation through e-mail. They are instead coming from direct download sites. Once a user downloads and executes the file, their data is compromised.”
This Facebook hacking variant of Remtasu is most common in Latin America, Thailand, Turkey and other countries.
How does Remtasu hack your Facebook account?
Once a user visits a direct download website, the malware enters the system and disguises itself among other files. It was observed that the malware makes use of UPX compression. After the file is uncompressed, various functions are executed, including opening and capturing clipboard information, recording keystrokes, and sending the captured data to an FTP server.
Surprisingly, this malware always finds a way to remain on the system even after the victim reboots the PC or tries to locate the threat in the list of active processes. “In this case, the malware replicates itself, saving the copy in a folder that it also creates within the system32 folder. The new InstallDir folder remains hidden inside the system files, making it difficult for users to access,” ESET explains.
The security firm has recorded 24 different versions of the malware. Out of those, Win32/Remtasu.Y represents more than a quarter, followed by the variant Win32/Remtasu.O at 23%.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.