Bogus “last words” Facebook app offer leads to malware

Humans have many impulses and fears, and cyber crooks can be counted on to exploit each and every one of them to achieve their purposes.

The latest example of this has been spotted by BitDefender analysts – an email spam campaign offering users a bogus Facebook app that will supposedly allow them to share a last message with their family and friends after their death.

As you might already be aware, a legitimate Facebook app that lets you do just that already exists, but this one is nothing of the sort.

The offered file – downloadable via the embedded link – actually downloads and runs three distinct executables. These wreak havoc on the user’s computer by keylogging passwords, taking snapshots with the webcam, killing all other bots present on the machine, and installing a backdoor so that the malware can communicate with its C&C center and receive further instructions.

“This nasty bug will send various reports to its creators: a keylogger report, an image report (your webcam snapshots), a passwords report (various passwords it caught), an e-mail report (your e-mail passwords) and a Steam report (containing the passwords to any account the user may have created on Steam, a very popular online gaming platform),” explain the analysts.

As always, users are advised never to click on links or download attachments contained in unsolicited emails.
