Malware is targeting nosy and curious Facebook users, and researchers call it “Instant Karma”. It works just like the name suggests, too. Have you ever wondered who among your Facebook friends just unfriended you? Ever thought about hacking into an ex’s account and digging up all the dirty secrets he or she may have kept from you? A word of advice: Don’t try to do anything desperate. Do anything crazy like clicking Facebook ads promising to hack into people’s accounts and you’ll end up seeing the tables turned against you, fast. And we’re not just talking about moral and legal implications here.
The unexpected consequence of your ‘spur of the moment’ whim on Facebook? Getting your passwords stolen right under your nose.
Facebook Password Stealer
LMNTRIX Labs, a cybersecurity firm based in Sydney, has identified some dangerous software advertising itself as a Facebook password stealer. In their unpublished report, the security researchers revealed that the program injects malicious code in the background once it gets downloaded. Click on the bait and you’ll likely get your credentials stolen.
The malware lures potential victims by masking itself as software that can crack into other people’s Facebook accounts. Make the mistake of believing that claim and you’ll end up giving the malicious program access to your system. When that happens, it’ll drop a remote access Trojan that steals your private info, which includes passwords, usernames, and financial details.
Unsurprisingly, the malware campaign has been dubbed “Instant Karma”.
Not the First Malware on Facebook
Malware on the biggest social media platform on the planet is nothing new. Instant Karma is emerging as a menacing threat only because it’s both widespread and growing. As a matter of fact, a simple search of “hack Facebook account” on FB will yield page after page of links to various software solutions that are possible virus carriers.
The scary part is that many of the search results are intended to target the average, non-techie user. Anybody can become a victim as long as they harbor bad intentions toward someone they know on Facebook.
Different Faces, Same Threat
This virtual threat can take many forms, too. While it is actively marketed as a Facebook Password Stealer or Facebook Password Recovery tool, the malicious campaign has been observed to take on different disguises.
Aside from bots posing as a friend on the Messenger app, Instant Karma also tempts users into downloading software that notifies them whenever they get unfriended. Beyond these two, samples of the malware have been seen in ad campaigns, spam email, bundled software, pop-ups, and porn sites.
The brains behind the malware campaign could be seasoned marketers who saw that there is widespread demand for such an ill-intentioned service.
A Hacker Gold Mine
Combine Facebook’s massive user base and the promise of an easy way to access somebody’s password and Instant Karma is what we get. At the moment, it primarily threatens Windows desktop users, though it has already been observed to target Facebook mobile app users. Its spread to other operating systems is a likelihood at this point.
This malware campaign gets its leverage from the fact that it targets general users who may be tempted to get inside someone else’s account. That could be anyone: curious friends, malicious enemies, or jealous spouses. As it turns out, there really is a niche out there for such a sketchy service.
As Instant Karma continues to spread and grow, cybersecurity experts warn netizens to be extra careful on Facebook. There are no publicly available, third-party tools in existence that can legitimately aid anyone’s dishonest motives. It’d be unwise to think you can bypass the platform’s stringent security.
Beyond thinking rationally, here are a few other measures you can take to protect yourself from this Facebook malware:
Get a reliable third-party antivirus ready.
Don’t just blindly trust social media platforms to protect you from all virtual threats. Install a dependable antivirus suite as the last line of defense. However, don’t go hoarding more than one. You’ll do more harm than good running two antivirus programs simultaneously.
Resist clicking any fishy links.
When a random acquaintance sends you a photo from out of nowhere, tread with caution. Be suspicious, especially when you see the file in an odd format. The file they sent you could be malware. And don’t buy any of those links claiming they can hack people’s accounts. Using them is not only illegal; they are also most likely riddled with viruses.
Learn more about how to avoid phishing scams on Facebook when you’ve got a minute to spare.
Don’t store passwords in your Web browsers.
Letting your browser remember passwords is risky as it is. Instant Karma, like many Trojan strains, does damage by gaining remote access to your system. Once the hackers behind the malware infiltrate your laptop, they may look at the credentials saved in your Web browser. They’ll have to find the info they seek elsewhere if you heed this piece of advice.
When you’re on the largest social network in cyberspace, you’re bound to bump into cyber felons and bogus services. Keep an eye open and be vigilant; a malware attack could happen on your next click.