Demonstration of Facebook account credentials theft

When you use a computer other than your own, you have to be especially careful about what online accounts you access – particularly if the computer in question is in a library or an Internet cafe, where a lot of people can use it without raising suspicion and without having to give their personal information to do it.

A recent episode involving a Sunbelt researcher demonstrates how easily your Facebook account credentials can be stolen.

He was at his local library and noticed that one of the computers available for use had a flash drive sticking out of one of its ports. His curiosity aroused, he sat down, checked the contents of the drive and found an executable that sports an icon similar to the original Facebook logo and purports to be a “FaceBook Remote Viewer” that allows you to visit Facebook from school or work by avoiding firewalls.

When the program is executed, the user is faced with this screen:

As the program loads, a website with a (grammatically flawed) description also loads in the background, as a way to defuse any skepticism that the user might have.

The program eventually asks the user to enter his or her name, email and Facebook password, and seemingly proceeds with the log-in and loading process, but “fails” and shows the following screen:

Of course, the firewall is not the problem – the program wasn’t designed to allow you to access Facebook. It is an information-stealing Trojan that collects your credentials, which are now conveniently stored in a .txt file placed on the flash drive. The only thing left for the thief to do is to collect the drive and misuse the credentials.



