Skip to Content

Watch out! This malware steals your Facebook password

Considering nearly 2 billion people actively use Facebook each month, there’s a great chance that you’re one of them. Which means you are a target for cybercriminals. That’s because they constantly scour heavily populated sites, looking for new victims.

You might see where I’m headed here. Yep, there is a new scam making the rounds on Facebook and it’s extremely sneaky.

Watch out for this Facebook scam

Have you ever seen a Facebook post offering you the chance to see who has been viewing your profile? Other posts might claim to show when someone “unfriends” you.

Some of these posts are more diabolical in nature. One example gives users the chance to steal passwords of other Facebook users. Although it’s immoral, this software might be enticing to someone wanting to check up on an ex-boyfriend or ex-girlfriend.

Beyond the moral implications, downloading these types of software is a terrible idea. Most are full of malicious code that will infect your gadget with malware or, ironically, steal YOUR credentials.

Researchers with LMNTRIX Labs recently discovered Facebook stealing password software that infects a user’s gadget with a remote access trojan (RAT). It’s been dubbed “Instant Karma.”

The research team told Techcrunch, “This appears very widespread and growing. We classified this as an ongoing malicious campaign with the threat actors actively marketing it as ‘Facebook Password Stealer’ or, more innocuously, ‘Facebook Password Recovery.’

“The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service and are distributing the sample via spam, ad campaigns, pop-ups, bundled software, porn sites and also some times as standalone software.”

After users download the software and run it, they are asked to enter their own login information. Then they must enter the URL of the users’ account they want to break into.

Finally, they click a button labeled, “Hack.” Clicking that link is when RAT is installed on the users’ gadgets. The following is an example of what it looks like:

Image: Example of malicious Facebook password stealer. (Source: Techcrunch)

As we said earlier, downloading this type of software is a bad idea. Your best move is to stay away from anything that sounds fishy and possibly illegal. Keep reading for some other suggestions to stay safe on Facebook.

What you need to do to stay safe on Facebook

  • Be cautious with links – If you get a notification or see a post that you find suspicious, don’t click on its links. It’s better to type the website’s address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
  • Do an online search – If something seems suspicious, you should do an online search on the topic. If it’s a scam, there are probably people online complaining about it and you can find more information.
  • Watch for typos – Scams are infamous for having typos. But, then again, so are social media posts! 
  • Update your Facebook security settings – If it’s been a while since you tweaked your settings, it’s a good idea to run through Facebook’s security checkup. Keeping your account private and secure can help you stay out of sight from hackers and scammers.
Note: If you are reading this article using the App, click here to see an example of the malicious software.

More stories you can’t miss:

Lockdown your Facebook account for maximum privacy and security

Test your firewall to make sure it’s working

Guy who wrote the bible on passwords: I was wrong App background

Check out the free App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the App, available in the Apple Store and Google Play Store.

Download Now