"When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware, and many others."
Besides siphoning users' credentials, address, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies, what makes NullMixer insidious is its ability to download dozens of trojans at once, significantly widening the scale of the infections.
Attack chains typically start when a user attempts to download cracked software from one of the sites, which leads to a password-protected archive that contains an executable file that, for its part, drops and launches a second setup binary designed to deliver an array of malicious files.
Also deployed using NullMixer are trojan downloaders like FormatLoader, GCleaner, LegionLoader (aka Satacom), LgoogLoader, PrivateLoader, SgnitLoader, ShortLoader, and SmokeLoader, as well as the C-Joker cryptocurrency wallet stealer.
"Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time," Kaspersky researcher Haim Zigel said. "Receiving NullMixer, users get several threats at once."
In another scenario, your friend/colleague/neighbor could ask you to log in using their computer as a help. If their intention is to get your password, then you are most likely to lose your Facebook account to the hacker.
When you visit some malicious websites or web pages, you will be prompted to install a browser add-on. Once you install the add-on, it will perform all the tasks described by the hacker or attacker who created it. Some primary actions are posting status updates on your wall, liking an FB page, following a person, adding you to some Facebook groups, inviting your friends to like a page, or join a Facebook group etc. You may not know these things happening on your FB account until you check your Facebook activity log periodically.
You might have seen or downloaded many Facebook account hacker software, but none of them could truly hack Facebook password. Hacking your Facebook password instead of the target user is what it actually does.
Most browser vulnerabilities are exploited through an older version of the browser since all the zero days are patched by browser vendor once it is reported by researchers around the world. For example, Browser Same Origin Policy Vulnerability could allow a hacker/attacker to read the response of any Page like facebook.com and could be able to perform any action on your Facebook account since they are able to read the response by accessing the Facebook origin. Android Chrome SOP bypass by Rafay Baloch is one such vulnerability that is affecting Android web-view in Android < 4.4.
Self XSS is also known as Self Cross Site Scripting. XSS is basically a web security vulnerability, which enables hackers to inject scripts into web pages used by other users. What is self XSS then? Self XSS is a kind of social engineering attack, where a victim accidentally executes a script, thus exploiting it to the hacker.
Self XSS is something that you let hackers to hack your account. So never and ever copy & paste the code given by someone in your browser, otherwise, you will get your Facebook account hacked.
Trojan Horse is a malicious program, which is used to spy and control a computer by misleading users of its true intent. Malware Trojan can also be called as Remote Key Logger since it records keystrokes of all the applications of our computer and sends it to the hacker online.
You need not be afraid of a Zero Day vulnerability affecting FB. As I had said earlier, zero-day vulnerabilities are very rare. In most cases, zero-day hackers target only at influential people and celebrities. It is rare to target a common man using a zero-day vulnerability.
Very well written article. Perhaps i would not agree with some methods that you have mentioned here, They cannot be clubbed into Facebook hacking methods. Like for example browser extensions, Not necessarily its hacking but simple privilege gaining. It will never harm anyone. However this article by hacker9 can be refereed for more accurate discussions for totally inexperienced internet users. Article: -facebook-hacking-carried-out-password-methods.html
If you want to completely and permanently get rid of your Facebook account, read our article: How to Permanently Delete Your Facebook Account. After that, if you want to use FB Messenger again, download the app and sign up with a new account.
A lot of bad things can be done whenever a hacker gets his hands on your Facebook account. They can post anything they like with you being all helpless to do anything about it. Imagine yourself chilling at home, as your friends start calling nonstop to warn you the inappropriate posts are on your timeline. To avoid all of that, you should take certain precautions while using Facebook, and here are a few.
Think twice before clicking or download anything from Facebook. The links provided might contain viruses, malware, or even malicious software. If you visit those links, most of your data such as your email, password, and personal information will be harvested by whoever planted that link on your timeline.
If your account has been taken over by hackers, follow the link at the end of our article above for steps you need to take to recover your account. Depending on how crafty the hackers are, they can make it pretty difficult for you.
Take that and copy it into the android key hash field inside the preferences of your app on facebook. To get there, go to developers.facebook.com/apps, select your app, go to Edit settings and scroll down. After that, wait a few minutes until the changes take effect.
this will help newbees also.just adding more details to @coder_For_Life22's answer.if this answer helps you don't forget to upvote. it motivates us.for this you must already know the path of the app's keystore file and password for this example consider the key is stored at "c:\keystorekey\new.jks"1. open this page -for-windows/downloads2. download 32 or 64 bit zip file as per your windows OS.3. extract the downloaded file where ever you want and remember the path.4. for this example we consider that you have extracted the folder in download folder. so the file address will be "C:\Users\0\Downloads\openssl-0.9.8e_X64\bin\openssl.exe";5. now on keyboard press windows+r button.6. this will open run box.7. type cmd and press Ctrl+Shift+Enter.8. this will open command prompt as administrator.9. here navigate to java's bin folder: if you use jre provided by Android Studio you will find the path as follows: a. open android studio. b. file->project structure c. in the left pane, click 'SDK location' d. in the right pane, below 'JDK location' is your jre path. e. add "\bin" at the end of this path as the file "keytool.exe", we need, is inside this folder. for this example i consider, you have installed java separately and following is the path "C:\Program Files\Java\jre-10.0.2\bin" if you have installed 32bit java it will be in "C:\Program Files (x86)\Java\jre-10.0.2\bin"10. now with above paths execute command as following:
In 2005, researchers at MIT created a script that downloaded publicly posted information of more than 70,000 users from four schools. (Facebook only began to allow search engines to crawl profiles in September 2007.)
When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. Because of the bug, the email addresses and phone numbers used to make friend recommendations and reduce the number of invitations we send were inadvertently stored in their account on Facebook, along with their uploaded contacts. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, which included their uploaded contacts, they may have been provided with additional email addresses or telephone numbers.
Save time with the latest TechRepublic Premium downloads, including original research, customizable IT policy templates, ready-made lunch-and-learn presentations, IT hiring tools, ROI calculators, and more. Exclusively for you!
What about all the people you asked to be your friend who ignored or deleted your request? Facebook keeps track of that. Go to facebook.com/friends/requests(Opens in a new window) for a list of the people who hate you. Or maybe they just don't check Facebook that much. Probably both.
Everyone on Facebook will die. Eventually. In anticipation of this unavoidable truth, Facebook lets you name a legacy contact(Opens in a new window) who will manage your account after you are gone. Your legacy contact can write a pinned post for your profile, respond to new friend requests that come after you have passed, and update your profile and cover photo (in case your final image is you in an ironic SpongeBob Halloween costume). They can even download your Facebook data, minus any messages you sent/received.
When you create a long-term access key, you create the access key ID (for example, AKIAIOSFODNN7EXAMPLE) and secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY) as a set. The secret access key is available for download only when you create it. If you don't download your secret access key or if you lose it, you must create a new one. 2b1af7f3a8