Stresspaint Malware Steals Facebook Login Credentials | Antivirus Software

Stresspaint Malware - Facebook Login Credentials Hacker

A malware called Stresspaint was detected in April 2018 collecting the login credentials of Facebook users. Distributed through the pirated website aol.net, the malware managed to infect more than 40,000 PCs from April 12 to 16. According to Radware investigators, the StressPaint Trojan affected residents of Vietnam, Russia, Pakistan, Indonesia, Ukraine, and Italy.

According to the sources, the information-stealing malware is being distributed through the pirated website aol.net and phishing emails that promote the Relieve Stress Paint application. The application is bundled with the Stresspaint malware, which, once launched, opens Facebook in the background and begins to accumulate login credentials, session cookies, network traffic, and other personally identifiable information.

Amazon - the Next Target

The Stresspaint malware programmers don't seem to be confined to Facebook. According to malware researchers, the credentials of Amazon users may be targeted soon.

The researchers found that the crooks who manage the spread of the Relieve Stress Paint tool, which carries the malware that steals Facebook data, are using an open Chinese CMS known as Layuicms2.0. Upon in-depth analysis, it was noted that the dashboard not only displays metrics for Facebook attacks and data but also contains a section that reports the same data for Amazon. Thus, it is expected that these or similar Stresspaint attacks may be launched soon against Amazon users.

The Technical Side of Trojan Performance

Stresspaint is an example of a professionally developed information stealer. Within less than four days, it managed to attack over 45,000 PCs and steal tens of thousands of Facebook login credentials. These numbers are noteworthy, aren't they?

The main reason hackers have been so successful is probably related to the precise preparation of the virus before its release. The group of malware distributors applies filters to attack people who have Facebook accounts with passwords saved or the Amazon payment section enabled.

If the potential victim meets these requirements, the malware is executed. It runs scripts and installs malicious registry keys that keep it persistent on the system without being noticed, so it can steal personal data without any obstacles. It creates the following files and registry entries:

  • Temp\DX.exe
  • Temp\updata.dll
  • Desktop\RelieveStressPaint.lnk
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updata
  • HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\RelieveStressPaint\guid

These are just a few examples of the changes that Stresspaint malware makes. Once it is successfully installed, it is practically impossible to notice on the system, as it has no negative effect on the system's performance.

It can only be found by running a scan with a professional anti-malware program. A thorough scan of the system should produce a log with a detection of Stresspaint.Trojan or Stresspaint.Inforstealer, which should be removed immediately.
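The files and registry entries listed above can also be checked by hand on a suspect PC. The PowerShell below is an added example, not code from the original article or from the researchers it cites; it assumes that "Temp" means the current user's %TEMP% folder, that "Desktop" is the user's desktop folder, and that "Updata" and "guid" are value names under their parent keys. The function names are made up for this example.

```powershell
# Added example: look for the Stresspaint artifacts named in this article.
# Assumptions: "Temp" is the current user's %TEMP%, "Desktop" is the user's
# desktop folder, and "Updata" / "guid" are value names under their parent keys.

function Get-RegistryValueData {
    param([string]$Key, [string]$Name)
    # Returns the value data as a string, or $null if the key or value is absent.
    $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -ne $props -and $props.PSObject.Properties.Name -contains $Name) {
        return [string]$props.$Name
    }
    return $null
}

function Get-StresspaintArtifacts {
    $desktop = [Environment]::GetFolderPath('Desktop')
    $files = @(
        (Join-Path $env:TEMP 'DX.exe'),
        (Join-Path $env:TEMP 'updata.dll'),
        (Join-Path $desktop 'RelieveStressPaint.lnk')
    )
    $values = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Updata' },
        @{ Key = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE\RelieveStressPaint'; Name = 'guid' }
    )

    foreach ($path in $files) {
        $present = Test-Path -LiteralPath $path -PathType Leaf
        # Record a SHA-256 so a hit can be compared against an anti-malware verdict.
        $detail = if ($present) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
        [pscustomobject]@{ Type = 'File'; Artifact = $path; Present = $present; Detail = $detail }
    }
    foreach ($v in $values) {
        $data = Get-RegistryValueData -Key $v.Key -Name $v.Name
        # For the Run entry, the data is the command line started at every logon.
        [pscustomobject]@{
            Type     = 'Registry'
            Artifact = '{0}\{1}' -f $v.Key, $v.Name
            Present  = ($null -ne $data)
            Detail   = [string]$data
        }
    }
}

Get-StresspaintArtifacts | Format-Table -AutoSize -Wrap
```

A match on a file name alone is only a lead, since other software may use the same names; the Run entry's command line and the file hashes are what to confirm with an anti-malware scan.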

The Virus Leaks Data From Facebook Each Time the Relieve Stress Paint Application is Launched

The Relieve Stress Paint tool may look legitimate and useful. However, it is just a simple painting tool that apparently can do more harm than good. Upon installation, the tool is downloaded together with a Trojan. Subsequently, the malware creates the entry Desktop\RelieveStressPaint.lnk on the desktop, which is a shortcut to launch the application.

Unfortunately, every time you click on the shortcut and start the application, it activates the tracking software and accumulates Facebook login credentials, including username and password. If the Trojan successfully exposes log-in information, it can log into the account and steal information, such as the number of Facebook friends, payment method settings, account activity, and the like.

Facebook Accounts Could Be Hacked

At the moment, malware researchers have not reported any instances of a Facebook hijacking caused by the Relieve Stress Paint malware. However, it is believed that the virus is still in the development phase or in an initial phase of data collection.

It is expected that the collected data may be used for blackmail, espionage, malvertising, monetization, and similar activities, not to mention the hacking of the Facebook account itself. It is essential to use professional antivirus and other security tools like total security software. Also, be careful with the content you submit online.
