LMNTRIX Labs researchers spotted a Facebook password stealer equipped with a Trojan to deliver a dose of karma to those looking to use it.
The malwares was marketed as ‘Facebook Password Stealer' or sometimes as ‘Facebook Password Recovery' but both versions are advertised as password stealers and inject malicious code in the background once downloaded, making the user vulnerable to having their own credentials stolen, according to an unpublished LMNTRIX report cited by TechCrunch.
“The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service and are distributing the sample via Spam, Ad campaigns, Pop-ups, Bundled Software, Porn sites and also some times as a standalone software,” researchers told the publication.
Researchers warn of similar exploits offering Facebook services such as malware claiming to notify users when they are unfriended and malware bots that pose as friends on messenger. The password stealing threat targeted windows desktop users although it's not uncommon to see similar malware targeting mobile users, researchers said.