New Facebook Password Stealer named Instant Karma steals your password instead

Facebook’s immensely large user base has made it the subject of viral attacks. More than being directed at Facebook itself, though, the attacks target its gullible users, who are often looking for things like finding out a Facebook friend’s password, getting a notification when someone unfriends them, or seeing who viewed their Facebook profile. A security research firm now seems to have uncovered a new threat that could soon make its way to a number of systems.

Techcrunch is reporting that an unpublished report from LMNTRIX has identified a new variant of a Facebook Password Stealer. The software tempts you into setting it up by offering to provide the passwords of your Facebook friends, but it sneaks a trojan into your system that sends your own password to the application’s creators instead.

After being installed, the software, ironically titled Instant Karma, drops an executable named spoolsvfax.exe on your system, which the security firm has identified as a Trojan. This executable then runs in the background, snooping on the information that you enter and sending it over the network. The threat seems to be targeting Windows users, and while specific versions are not listed, it’s highly likely that the hack would work on all versions of Windows.

LMNTRIX Report obtained by Techcrunch identifies spoolsvfax.exe as a Trojan

Hacks related to Facebook have been large and aplenty, and the social media giant has taken steps to curb as many as possible. A very popular type of Facebook hack that spread a few years back, for instance, involved asking users to run a piece of JavaScript code in the Chrome console window. It offered such things as changing the Facebook theme or modifying Facebook’s timeline view, and would end up snooping on your passwords and sending the information to the perpetrators of the attack over the internet. The attack’s widespread nature caused Facebook to ensure that a warning in large font is now displayed every time a user opens Chrome’s console window while on Facebook. Another variant came in the form of utilities disguised as Facebook apps that would offer to show you which users have viewed your Facebook profile in exchange for some confidential information from your own profile. That information would be sold to third parties for a profit. Variants of this attack, or others that at the very least collect and sell your information, still exist in abundance.

Security has become a hot topic of discussion in the tech community, with some even exploiting lapses in it to make a full-fledged living. Posing as hackers, these nefarious elements unleash a destructive virus called ransomware that holds the user’s system hostage, releasing it only when the requested payment is made. In May, countries around the world were hit by the WannaCry ransomware, with another termed Petya following suit. Recently, HBO was the victim of a cyber-attack in which hackers stole over 1.5 TB of info and demanded a significant amount of ransom in a rather dramatic fashion.

As always, if you come across a Facebook Password Stealer or any similar software offering you the passwords of other users easily, don’t fall for it. It is definitely a trap by the app to steal your own info, and you’ll only be at the receiving end of some Instant Karma.