It is no surprise that a tool that promises to hack Facebook accounts contains spyware, namely the well-known Remtasu, which collects information and transmits it to a remote server under the attacker's control.
The Remtasu spyware first appeared almost four years ago. It is malicious software that specializes in discovering, collecting and stealing user information.
Remtasu logs your keystrokes, steals data from your clipboard, saves all this information to local files on your computer, and then uploads those files to a remote FTP server.
The latest version of this malware is Win32/Remtasu.Y, which has been circulating since the beginning of the year.
While previous variants were spread via spam e-mails and weaponized Microsoft Office files to infect computers, Win32/Remtasu.Y took a completely different approach, and now hides inside the executable of an application called Hack Facebook.
This application is not spread through spam e-mails. It is hosted on direct download websites, from which users download it themselves after seeing its features advertised.
Since people are curious to see other people's Facebook accounts, the malware quickly became the most popular Remtasu version in circulation just a few weeks after its first release.
ESET says that most users infected with this tool live in Colombia (65%), followed by Thailand (6%), Mexico (3%), and Peru (2%).
In addition, this new variant also uses a classic trick: it copies itself into the Windows System32 folder under a generic name (INSTALLDIR), and then creates a registry key that causes the computer to run the Remtasu spyware every time the user starts their computer.
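
The persistence trick described above can be checked for on a suspect machine; the following is an added example, not code from ESET or from the original article, that parses `reg query` output and flags autorun entries whose executable sits under System32 in a folder or file named InstallDir. The Run key, the sample entries, the user name and the `C:\Windows` expansion are assumptions constructed for illustration, since the article does not name the registry key.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output (not taken from the article).
# Assumption: the autorun entry is in a Run key; the article names no key.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\ana\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    System Service    REG_SZ    C:\Windows\System32\InstallDir\system.exe
    Helper    REG_EXPAND_SZ    %SystemRoot%\system32\INSTALLDIR.exe -s
    Audio    REG_SZ    C:\Windows\System32\audiosrv.exe
"""

# `reg query` separates value name, type and data with four spaces.
ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Assumption: Windows is installed in C:\Windows.
ENV = {"%systemroot%": r"C:\Windows", "%windir%": r"C:\Windows"}

def image_path(data):
    """Return the executable path from an autorun command line."""
    data = data.strip()
    for var, val in ENV.items():  # expand the variables REG_EXPAND_SZ may carry
        data = re.sub(re.escape(var), lambda m, v=val: v, data, flags=re.I)
    if data.startswith('"'):      # quoted path, arguments follow the closing quote
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", data, flags=re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def suspicious(path):
    """True if a folder or file stem named InstallDir sits below System32."""
    p = PureWindowsPath(path)
    parts = [x.lower() for x in p.parts[:-1]] + [p.stem.lower()]
    for i, part in enumerate(parts):
        # SysWOW64 is where 32-bit processes land on 64-bit Windows.
        if part in ("system32", "syswow64") and "installdir" in parts[i + 1:]:
            return True
    return False

def flag_autoruns(reg_output):
    """Return (value name, image path) for every autorun entry that matches."""
    hits = []
    for line in reg_output.splitlines():
        m = ENTRY.match(line)
        if m and suspicious(image_path(m["data"])):
            hits.append((m["name"], image_path(m["data"])))
    return hits

if __name__ == "__main__":
    for name, path in flag_autoruns(SAMPLE):
        print(f"suspicious autorun {name!r}: {path}")
```

A match is a lead for further inspection of the file, not proof of infection, because the check relies only on the location and name the article describes.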