Jump to content
akkiliON

Facebook Self-XSS Scam Fools Users into Hacking Themselves

Recommended Posts

  • Active Members
Posted (edited)

facebook-hacking-script.png

Scammers have again targeted more than one billion active users of the popular social networking giant Facebook, to infect as many victims as possible.

Not by serving fake post, neither by providing malicious video link, instead this time scammers have used a new way of tricking Facebook users into injecting or placing malicious JavaScript or client-side code into their web browsers.

This malicious code could allow an attacker to gain access to victims’ accounts, thereby using it for fraud, to send spams, and promoting further attacks by posting the scam on timeline to victims’ friends. This technique is known as Self Cross-site Scripting or Self XSS.

Self-XSS (Self Cross-Site Scripting) scam is a combination of social engineering and a browser vulnerability, basically designed to trick Facebook users’ into providing access to their account. Once an attacker or scammer gets access to users’ Facebook account, they can even post and comment on things on users’ behalf.

In order to infect Facebook user, the cyber crooks send a phishing message via an email or a Facebook post from one of the friends in the list of the targeted victim claiming, in this case, a way to hack any Facebook user by following some simple steps.

The posted scam looks as follows:

  • Hack any Facebook account following these steps:
    1. Go to the victim’s profile
    2. Click right click then click on inspect element and click the “Console” tab.
    3. Paste the code into the box at the bottom and press Enter.

    The code is in the web site: http://textuploader .com****/

    Good luck: *

    Don’t hurt anybody…

    [*]

Facebook-hacking.jpg

Once you self inject this malicious script to your account, it will give away the access of your whole account to the one who could do a variety of malicious activities, basically spreading all sorts of malicious campaigns. The hackers can also infect victim’s computer with malware that can collect banking details and send them to a remote location controlled by them.

Facebook has also listed the scam on the list of threats its users have been observed to fall victim to. “Scammers who use Self-XSS usually trick you by promising to help you hack somebody else's account,” reads the post. “The scammer's goal is to get you to run their malicious code on your computer. When you run their code, you grant the scammer access to your account for fraud, spam, and tricking more people into running the scam.”

Spotting these scams and reporting them are the best way to protect yourself, but if you fall victim to one of these attacks, don't panic! Follow the link to learn more about protecting your Facebook account.

Facebook is also working with various browser vendors to add protection in the browser in an effort to prevent this vector from being exploited.

Facebook Self-XSS Scam Fools Users into Hacking Themselves

Me when I saw this: http://media-cache-ec0.pinimg.com/736x/a9/75/fd/a975fd06905ccf698c5bc7e8db7ff8f6.jpg

Edited by akkiliON
  • Active Members
Posted

Daca dai inspect element pe facebook.com si dai la consola se v-a vedea asta:


.d8888b. 888 888
d88P Y88b 888 888
Y88b. 888 888 This is a browser feature intended for
"Y888b. 888888 .d88b. 88888b. 888 developers. If someone told you to copy-paste
"Y88b. 888 d88""88b 888 "88b 888 something here to enable a Facebook feature
"888 888 888 888 888 888 Y8P or "hack" someone's account, it is a
Y88b d88P Y88b. Y88..88P 888 d88P scam and will give them access to your
"Y8888P" "Y888 "Y88P" 88888P" 888 Facebook account.
888
888
888

For more information, see https://www.facebook.com/selfxss.
"

Deci sunt avertizati.

//scuze cred ca am postat in acelasi timp

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...