Facebook Hacking Scripts On UserScript.org Are Fake, Or Worse - gHacks Tech News

Facebook Hacking Scripts On UserScript.org Are Fake, Or Worse

Over the past two months or so I have seen a number of Facebook hacking scripts posted on the userscripts.org website that supposedly hack into a user's Facebook account. These scripts - sorry no links - are fake, they won't work, and are maybe even malicious in nature.

The developers use fake reviews and fans to promote the scripts to the frontpage of the Userscripts website to attract more attention. When you look at the reviews and user accounts, you will notice a trend:

  • All users give five stars to the userscript
  • All accounts have a review profile that contains a lot of deleted scripts
  • The language is basic, and usually with bad punctuation and grammar

facebook hack

Facebook Hack Script

Popularity does not happen overnight, and six five star reviews after a script has been available for an hour on the site is rare, but not unseen of. The next clue is the description on the script's frontpage.

It links to a blogspot blog and a direct download link right away. That download link should get you thinking. Why is there a need for a download link again,when scripts get installed directly in the browser?

The reason is simple: The script is used as a teaser to get users to click on the download link. If you look at the script's source code, you will notice that it is doing nothing at all.

It displays the same text that is already posted on the about text in the JavaScript file.

If you open that link in a browser, you are taken to one of those survey doorway pages. Fill out a survey before you can access the contents behind. The poster of the script makes money from those surveys.

Judging from the screenshot posted on the Userscripts website, the actual program looks fake. I closed the browser window once the survey popped up as I had no intention of costly subscriptions or leaking of my personal information to a shady advertiser to verify that first hand.

Even if the program is not fake, which is a really slim chance, it should not be posted on the Userscripts website in first place.

The team behind the scam are pushing other scripts as well. At the time of writing their pushing a Facebook Hack script and a Free Calls Worldwide Hack script on the site. My recommendation? Delete the scripts, ban the poster and reviewer accounts, change the way scripts are promoted to the frontpage (e.g. only after a specific time of being listed), or moderate scripts before they are posted on the site.

There are other scripts out there that are being used for malicious purposes. Some like a lot of pages on Facebook using your account, and others may even steal user data from you.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Savita Bhabhi said on April 1, 2012 at 5:37 pm
      Reply

      Common sense is not so common .

    2. scum said on April 1, 2012 at 6:08 pm
      Reply

      then i look at todays date

    3. pd said on April 1, 2012 at 7:06 pm
      Reply

      I wish it were not true but this is really something that has just been waiting to happen. An bunch of scripts uploaded with no oversight as to what they do then users download them and run them with chrome privileges? Madness.

    4. boris said on April 1, 2012 at 10:42 pm
      Reply

      I used to fight against this crap by posting counter reviews, but it was difficult and I kind of lost interest.

    5. Mystique said on April 2, 2012 at 2:07 am
      Reply

      If its too good to be true…

      Maybe whats needed is a community response ironically a userscript itself which will filter results, block known bad guys and clean up the sites frontpage, etc. The blocking part could be pretty simple and adapted from one of the many google search result filter scripts hosted on the site, a maintained blocklist would be sweet.
      Its usually pretty easy to tell which scripts are bad and which aren’t but there are also some that need to be rated more correctly.

      1. ReX said on April 2, 2012 at 6:48 pm
        Reply

        There is a script like that but I hasn’t been updated since 2008.

        http://userscripts.org/scripts/review/12552

    6. Dean said on April 2, 2012 at 3:56 pm
      Reply

      Let’s face it; if you’re trying to get into someones account you deserve to have your own machine screwed over in the process.

      Call it natural selection.

      1. Mystique said on April 6, 2012 at 8:01 am
        Reply

        That may be true however due to the extreme lack of moderation on userscripts.org something should be done to help, I’m not going to try justify attempting to bypass facebooks security measures but it has to be said that two wrongs don’t make a right.

        There are a large number of scripts on the sight targeting users of such websites in order to exploit them for me its all about the quality, if I was the administrator of the website I would re-write it from the ground up to be more user friendly and avoid such instances.

    Leave a Reply