Journalists Investigate Fake Hacking Tools and Game Cheats

Even in 2019, people still believe they can download free programs from the internet that will magically bring them likes, money, or other benefits. Naturally, criminals continue to exploit this naivety by creating fake hacking tools, cheats for popular games, and other fraudulent software whose real purpose is to steal users’ account credentials.

Lawrence Abrams, founder of Bleeping Computer and a cybersecurity researcher, collected and described several examples of such “tools” in an article. These programs claim to let users hack PayPal, Facebook, CamFrog, or cheat in games like Apex Legends and Roblox.

All the examples described by the researcher are from 2019 (mainly March and April), meaning these scams are quite recent, and there is still demand for such “utilities,” which scammers are happy to supply.

PayPal

A fake PayPal hacking tool was discovered by MalwareHunterTeam at the end of last week. The tool’s advertisement claims it can add money to a PayPal account for free—literally creating money out of thin air. To use the tool, users are asked to enter their login, password, select their country, currency, and the desired amount to add to their account.

After filling in all the required fields, the program pretends to work, simulating that funds have been added to the victim’s account. Of course, no money is actually received; instead, the user’s credentials are sent to the scammers’ email address.

Facebook

Another tool, also found by MalwareHunterTeam, offers users not free money, but the ability to boost likes on Facebook. According to the ad, this program can assign any number of likes to any post on the social network. However, to do this, users must enter their account credentials and the URL of the image they want to “like.”

As soon as the “generate likes” button is pressed, the victim’s login and password are sent to the scammers’ server. No likes are actually generated.

Apex Legends

Scammers closely follow all trends, including popular computer games. A prime example is Fortnite, whose users often become targets for hackers. With the rise of the new and extremely popular battle royale game Apex Legends, criminals have seized the opportunity to exploit it. Lawrence Abrams describes a program that supposedly allows users to cheat in Apex Legends.

In reality, when this “cheat” is launched, a file called Mesyeas.exe is extracted and executed in C:\Program Files (x86)\Microsoft Zpaxhu. This is a remote access trojan that intercepts and records all keystrokes, then sends them to its operators.

Roblox

Creators of various adware bundles constantly flood the internet with countless fake game cheats, software cracks, and hacking tools. These installers are distributed through numerous hacked and fake websites, and participants in these campaigns often receive a small commission for each installation.

As an example, Abrams cites a fake utility for hacking Roblox accounts for free. After launching it, instead of a hacking tool, various unwanted programs are installed on the user’s computer, such as AnonymizerGadget, G-Cleaner, and SeeScenicElf.

The expert notes that among such unwanted programs, there are often real malware threats—clickers, miners, trojans that steal information, and so on.

Wi-Fi

A fake program designed to hack Wi-Fi passwords can cause a lot of trouble for anyone who tries to use it. After launching this “utility,” the user sees a standard message about needing to install .NET, making it seem like the program doesn’t work. In reality, at this moment, the Jigsaw ransomware is already running on the victim’s machine, soon encrypting their data and demanding a ransom.