We came across a supposed hack-tool called "Facesnoop" this week.
The author uses YouTube videos to promote his software.
Facesnoop 2 was released sometime recently and claims to have "ACTUAL video proof" that it works.
(ACTUAL must be better than actual.)
The video depicts the "hacking" of an account belonging to a young woman named Kristen.
We think Kristen is just a sockpuppet account, so we've blurred the profile picture.
Once you've watched the Facesnoop video, and decide to download, you're directed to a webpage at ShareCash.Org which prompts you to fill out Cost Per Action (CPA) affiliate marketing surveys. (Offers from many of the usual CPA suspects. This is how Facesnoop monetizes his software.)
There's a problem though.
This is what happens when you launch Facesnoop 2:
You get an "Unhandled Access Violation" exception that claims there is a "Net Framework 2.0 missing library". Most people probably click on the "Check For Updates" button at this point, and that opens a webpage requesting even more CPA surveys to be filled out.
Facesnoop's Facebook page has several complaints about this.
(Seriously, who complains about a Facebook hack-tool failing to work on a Facebook Page???)
The Facesnoop author has created a newer page, and it opens to the Info tab to avoid visible complaints.
All of the people complaining about the error shouldn't really be surprised though…
Examining the properties of the executable shows that it was designed to fail.
Look: the Internal Name of the file is "Facesnoop 2 error.exe".
This isn't a hack-tool — it's a fraud-tool.
You can see more details in the executable's code:
E:\Nicolas\Code\fn2 error\Facesnoop 2 error\…
Nicolas? Hmm, where have we seen that name before?
Oh yes, the first video's sockpuppet "victim" was called Hayley.
And the Hayley account has a friend named Nicolas.
And the Nicolas account just happens to "like" Facesnoop. Is it the hack-tool author himself?
We don't know for sure.
All we do know, whomever Nicolas is really… he thinks you're a sucker.