Short Bytes: Your desire to master the art of Facebook hacking can harm you in a big way. Recently, a variant of the Remtasu malware has been spotted in the wild that hacks your own Facebook account instead of your friend’s. Surprisingly, this malware always finds a way to remain on the system even after the victim reboots the system or tries to locate the threat in the list of active processes.
This hacking tool is a disguised version of a Windows-based trojan whose reach has grown rapidly over the last year. The malware is now using social engineering tactics to target people who are looking for ways to hack others’ Facebook accounts. This finding was recently unveiled by the security firm ESET in a blog post.
How is the Remtasu Facebook hacking tool spreading?
This Win32/Remtasu.Y malware reaches your machine when you search for queries like “how to hack Facebook account?” etc. As a result, you may end up downloading this Facebook hacking tool, which can hack your own account.
Talking about different ways by which this trojan spreads, ESET writes, “we are no longer seeing propagation through e-mail. They are instead coming from direct download sites. Once a user downloads and executes the file, their data is compromised.”
This Facebook hacking variant of Remtasu is most common in Latin America, Thailand, Turkey and other countries.
How does Remtasu hack your Facebook account?
Once a user visits a direct download website, the malware enters the system and disguises itself among other files. It was observed that the malware makes use of UPX compression. After the file is uncompressed, various functions are executed, including opening and capturing clipboard information, recording keystrokes, and sending the captured data to an FTP server.
Surprisingly, this malware always finds a way to remain on the system even after the victim reboots the PC or tries to locate the threat in the list of active processes. “In this case, the malware replicates itself, saving the copy in a folder that it also creates within the system32 folder. The new InstallDir folder remains hidden inside the system files, making it difficult for users to access,” ESET explains the process.
The security firm has recorded 24 different versions of the malware. Out of those, Win32/Remtasu.Y represents more than a quarter, followed by the variant Win32/Remtasu.O at 23%.
fossBytes advises the readers to stay away from Facebook hacking tools as they can harm your digital life. Also, it’s unethical.