An online tool that has recently become popular among Facebook users in India promises to hack their friends’ Facebook accounts. However, it has been revealed that the tool instead compromises the accounts of the users who run it!
This Facebook hacking tool, which carries the disclaimer “For Education Purpose,” links to a document in Google Drive. The document contains code that the user is told to paste into the web browser’s address bar. As per the instructions in the document, the user then needs to wait two hours for the hack to take effect.
According to a blog post by Symantec researcher Satnam Narang, instead of hacking the friends’ accounts, the pasted code performs a series of actions from the user’s own account without the user’s knowledge.
“Behind the scene, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers. Your account is also used to tag the names of all your friends in the comment section of the original post,” he says.
That is not all. The post says, “This is done to help the scam spread further, playing off the curiosity of your friends, who may visit the post to find out more and hopefully follow the instructions as well.”
This scam originally started in 2011 and is a variation of self-XSS (self cross-site scripting), in which users are tricked into running a scammer’s script in their own browser. The original scammers behind this iteration had great success with the scam at the beginning of this year, netting between 50,000 and 100,000 likes and followers on a number of pages and profiles, according to Narang’s blog.
This campaign is allegedly run by hackers based in India, who have modified the original authors’ code by simply adding their own pages and profiles into the script to increase their follower and like counts.
Users who have clicked on such a link can check their activity logs to see whether their account has liked and followed a number of pages and profiles without their consent.
Source: TOI Tech