DIY Trojan Kit Targets Facebook Credentials and a Lot More

Security researchers have identified a new do-it-yourself kit designed to generate customized trojans that steal Facebook login details, passwords stored inside browsers and even VPN credentials.

The kit is called "Facebook Hacker" and according to security researchers from BitDefender, it is "extremely easy to configure, just like any do-it yourself hack tool designed with the 'skiddie' [script kiddie] in mind."

The program's interface allows the attacker to input the login and SMTP details for the e-mail account where stolen information will be sent by the generated trojan.

There are predefined settings for Gmail and Hotmail, as well as the option to modify the default file name or have the trojan display a fake message.

The kit might be simple to use, but the generated malware has a high enough level of sophistication.

It features a hardcoded list of anti-virus and network monitoring products which are blocked or terminated if found running on the victim's computer.

Even though the program is touted as a Facebook hacking tool, the trojan is capable of stealing much more than just login details for the social networking website.

In fact, since it can collect all usernames and passwords stored within any of the major browsers, we could argue that Facebook credentials are the least of concerns.

Screenshots of the captured data released by BitDefender show email login credentials lifted from Firefox's signons.sqlite file, however, they could just as well have been for online banking or other sensitive accounts.

And there are also other implications stemming from the fact that a lot of people reuse passwords or don't delete sign-up email notifications containing login information for other services.

"To add insult to injury, the application also enumerates all dialup/VPN entries on the computer and displays their logon details: User Name, Password, and Domain," BitDefender's Loredana Botezatu, notes.

It's worth mentioning that the trojan executable uses the icon of the "Call of Duty: World at War" game and lists Game Adventure Inc. as publisher. BitDefender detects the threat under a generic signature as Trojan.Generic.3576478.