Facebook Account Hacking App Carries Remtasu Spyware

A family of malicious software, Remtasu is designed for finding, collating as well as stealing user data. The latest variant of this malware reads Win32/Remtasu.Y being seen from 2016-beginning as it executes one fresh tactic for infecting PCs.

Remtasu has spyware capabilities therefore it records keystrokes, filches clipboard's data, stores it on local files followed with uploading the same onto certain distantly-located FTP server. One can find Win32/Remtasu.Y samples pretty commonly within Colombia and other Latin American countries. They exist in Thailand, Turkey etc too. Previously, Remtasu was proliferated via malevolent files embedded on spoofed e-mails posing as messages from genuine business/government organizations. A very recent outbreak is associated with one malevolent app purportedly designed for acquiring passwords of Facebook accounts. Welivesecurity posted this, February 8, 2016.

And because inquisitiveness plays in the minds of people of what activity is going on at other people's Facebook A/Cs, the malicious program fast acquired the greatest popularity among all Remtasu samples within just some weeks since its detection. The app has one keylogger, which intercepts the user's keystrokes, saves the entire information within a file which's thereafter transmitted onto the app owner's server. Whereas Remtasu's earlier variants utilized spam mails as well as made Microsoft Office documents their weapons for contaminating people's PCs, the latest Win32/Remtasu.Y approaches to attack completely differently, concealing in the executable belonging to the app known as Hack Facebook.

This tool doesn't disseminate through spam mails as that'll arouse doubt into the mind of anybody getting it unexpectedly. Rather it's harbored across direct download sites that project its capabilities so end-users then pull it down themselves. The malicious tool stays on the tainted PC despite when the latter is restarted alternatively the system's user searches for the malware within all active processes.

Moreover, the fresh Remtasu sample also executes one traditional boot-persistence ploy via creating its replica inside the folder -Windows System32; giving itself one generic name followed with crafting one registry key which runs Remtasu process during each-and-every booting of the PC.

An absolutely good AV should aid one spot Remtasu every time the person feels like he's infiltrating somebody else's Facebook A/C.

» SPAMfighter News - 2/17/2016