You should be safe if you're not trying to hack into someone else's Facebook account (using the Hack Facebook app)

Feb 9, 2016 14:28 GMT  ·  By

Not surprisingly, a tool advertised as an app to hack into Facebook accounts contains Remtasu, a well-known piece of spyware that collects your information and uploads it to a remote server under the attacker's control.

First observed almost four years ago, Remtasu is a malware family specialized in discovering, collecting, and stealing user information.

Remtasu, which can be categorized as spyware, can log keystrokes, steal data from the clipboard, save the information to local files, and later upload it to a remote FTP server.

Remtasu now hides inside a Facebook hacking tool

This malware's most recent variant, Win32/Remtasu.Y, has been observed since the beginning of the year employing a new trick to infect computers.

While previous variants used spam email and weaponized Microsoft Office files to infect computers, Win32/Remtasu.Y took an entirely different approach, hiding inside the executable of an app named Hack Facebook.

This app isn't spread using spam email, since it would raise alarm bells for anyone receiving it out of the blue. Instead, it is hosted on direct download websites, where users download it themselves after seeing advertising for its capabilities.

Since people can't help but be curious about what other people are doing on their Facebook accounts, the malware quickly became the most popular Remtasu variant on the market, only a few weeks after first being detected.

Most recent Remtasu infections were recorded in Latin America

ESET reports that most users infected with this tool are living in Colombia (65%), followed by Thailand (6%), Mexico (3%), and Peru (2%).

This new variant also employs a classic boot persistence trick: it copies itself to the Windows System32 folder under a generic name (InstallDir), and then creates a registry key that launches the Remtasu process every time the user starts their computer.
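A defender can check for the persistence pattern described above by reviewing autostart entries. The following is an added example, not code from ESET or the original article: it parses text in the layout printed by `reg query` and flags values that launch something named InstallDir under System32. It assumes the registry key is one of the standard Windows Run keys, which the article does not name, and the sample data is constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout printed by `reg query <Run key>`.
# Value names and paths are made up for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\ana\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Windows\System32\InstallDir\svc.exe
    Helper    REG_EXPAND_SZ    %SystemRoot%\system32\installdir.exe -s
    Audio    REG_SZ    C:\Windows\System32\RtkAudUService64.exe
"""

VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")

def command_path(data):
    """Return the executable path of a Run value, without its arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(?i)^(.*?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)", data)
    return m.group(1) if m else data.split(" ", 1)[0]

def is_installdir_under_system32(path):
    """True if a folder or file named InstallDir sits below System32."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "system32" not in parts:
        return False
    below = parts[parts.index("system32") + 1:]
    # The article does not say whether InstallDir is a folder or a file
    # name, so both readings are matched.
    return any(p.split(".")[0] == "installdir" for p in below)

def find_suspicious_run_values(reg_text):
    """Return (key, value name, path) for each autostart entry that matches."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and is_installdir_under_system32(command_path(m["data"])):
            hits.append((key, m["name"], command_path(m["data"])))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_run_values(SAMPLE_REG_QUERY):
        print(hit)
```

A match is a lead for investigation rather than proof of infection; confirm it with the file's signature, hash and an antivirus scan.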

A solid antivirus solution should help you detect Remtasu whenever you feel like hacking someone else's Facebook account.

Remtasu variants distribution