Not surprisingly, a tool that promises to hack Facebook accounts turns out to contain spyware, namely the well-known Remtasu, which collects information and transmits it to a remote server under the attacker's control.
The Remtasu spyware first appeared almost four years ago, and it is malicious software that specializes in discovering, collecting and stealing user information.
Remtasu logs your keystrokes, steals data from your clipboard, saves all this information to local files on your computer, and then uploads them to a remote FTP server.
The latest version of this malware is Win32/Remtasu.Y, which has been seen since the beginning of the year.
While previous variants were spread through spam e-mail and weaponized Microsoft Office files to infect computers, Win32/Remtasu.Y takes a completely different approach and now hides inside the executable of an application called Hack Facebook.
This application is not spread through spam e-mails but is hosted on download pages, from which users download it themselves after seeing an ad for its capabilities.
Since people are curious to see other people's Facebook accounts, this malware quickly became the most popular Remtasu version in circulation, just a few weeks after its first release.
ESET says that most users infected with this tool live in Colombia (65%), followed by Thailand (6%), Mexico (3%), and Peru (2%).
In addition, this new variant also uses a classic trick: it copies itself to the Windows System32 folder under a generic name (INSTALLDIR), and then creates a registry key that forces the computer to run the Remtasu spyware every time the user starts their computer.
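The persistence trick described above can be hunted for in a machine's autorun entries. The following Python sketch is an added example, not code from ESET or from this article: it scans `reg query` text output for autorun values whose target sits under System32 and carries the generic name INSTALLDIR. The article does not name the registry key, so the Run key locations, value names and file names in the sample are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output. The Run keys are an assumption
# (the article names no key); value names and file names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Windows\System32\INSTALLDIR\example.exe" /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sync    REG_SZ    C:\Users\alice\AppData\Local\Sync\sync.exe
    Helper    REG_EXPAND_SZ    %SystemRoot%\system32\installdir.exe
"""
ENV = re.compile(r"%(windir|systemroot)%", re.I)

def command_path(data):
    """Extract the executable path from an autorun command line."""
    data = ENV.sub(lambda m: r"C:\Windows", data.strip())
    if data.startswith('"'):  # quoted path, arguments follow the closing quote
        return PureWindowsPath(data[1:].split('"', 1)[0])
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", data, re.I)
    return PureWindowsPath(m.group(1) if m else data)

def is_suspicious(path):
    """True if a folder or file named INSTALLDIR appears below System32."""
    parts = [p.lower() for p in path.parts]
    if "system32" not in parts[:-1]:
        return False
    tail = parts[parts.index("system32") + 1:]
    return any(p.split(".")[0] == "installdir" for p in tail)

def scan(reg_output):
    """Return (key, value name, path) for every suspicious autorun value."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif line.startswith("    ") and key:
            fields = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(fields) == 3 and fields[1] in ("REG_SZ", "REG_EXPAND_SZ"):
                path = command_path(fields[2])
                if is_suspicious(path):
                    hits.append((key, fields[0], str(path)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit is a lead for triage rather than a verdict: confirm the file's signer, hash and creation time before acting on it.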