Myspace Cracker Steals Firefox Passwords

| | Comments (1)
A "Myspace Cracking tool" has recently come to light, though if you're considering attempting to crack some Myspace accounts with this:

mscrkff1.jpg


....then you might want to think again, on account of it not being quite what it seems. This "cracking tool" is only after one persons details: yours. Run it, and you'll see the following (somewhat bizarre) message, which should be your first clue that all is not quite right here:

mscrkff2.jpg


At this point, your CD tray may well pop open - perhaps in tribute to the Trojans of old that did pretty much the same thing. At any rate, you're certainly not cracking any Myspace accounts, and after a faint grinding from your PC you're left to sit and stare at your desktop, wondering what went wrong. Here's a clue - have a poke around inside the EXE, and some lines of code will likely start to give the game away:

mscrkff3.jpg


..."Firefox password grabber"? Oh dear.

The observant end-user will notice a .txt file appears on their C Drive, and itcontains all the stored passwords saved via Firefox on their computer:

mscrkff5.jpg

Click to Enlarge

As you can see, the bad guys here seem to be exploiting a well known password recovery tool for nefarious purposes - in this case, Firepassword. You're probably wondering what happens with the stored login details at this point - well, do some more digging in the code and you'll see this:

stolen.jpg

Click to Enlarge

The stolen Firefox passwords are sent to an FTP drop set up by the hacker, and every login you had stored in Firefox at that point is immediately at risk. Of course, if you're foolish enough to play around with hacking tools then there's a good chance you're going to get burned sooner or later...

We detect this as FoxPass.

1 Comments

What do you expect when the biggest social network is not secure. You get the underground hackers using this prolificly, strong medium. They also know that people on MySpace are less concerned about privacy then Facebook users. MySpace is the essence of a punk rock or indies bands website; group's like these are far from concerned in security.

As well, they know that they can get the greatest bang for their time by hiding a password back door in a hacking application that people will be interested in downloading. Aptly named, "MySpace Hacker".

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on August 26, 2008 7:49 PM.

Facebook Worm Still Going Strong was the previous entry in this blog.

ASCII Art Spam is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.