We have recently received a tip from one of our researchers, Steven Burn, who is continuously investigating on several persistent Facebook hacking scams—In case you’re not aware, some scams come and go every now and then, with the individuals or group behind them merely rehashing the same lures and tactics; services that offer the hacking of Facebook accounts is one such scam.

Using a single line of text to look for potential scam destinations, Burn came across not one but thousands of compromised sites offering this particular type of hacking service.

The search string is: Are you curious to “hack facebook password” well then this post is just for you

search-resultsclick to enlarge

Once users click any of the search result links, they are redirected multiple times and then land on a page in the domain, trackphone[DOT]tk:

trackphoneclick to enlarge


Read: “A Nefarious Use of Google Drive to Load Malicious Redirects”


Clicking the big green button that says “Go to new site” directs to a page from mspy[DOT]com.

mspyclick to enlarge

View Every Keystroke Entered Into a Monitor Smartphone
Use mSpy – the Ultimate Monitoring Tool For all Devices
✓ WhatsApp, SMS, call logs, location tracking & 25 more features
✓ Compatible also with iOS, Windows and Mac OS
✓ Easily accessible from any browser
✓ Protect your kids or employees
✓ 24/7 multi-language support

In case you’re not familiar, mSpy is a highly popular and controversial software that markets itself as a tool that a parent can use to monitor their child’s activities on their mobile devices or a tool that a doubting husband or wife can use to catch their cheating partners red handed.

In May of this year, mSpy was hacked. KrebsOnSecurity first caught wind of the 400,000 stolen sensitive user data, which included Apple IDs, passwords, photos, corporate email threads and others being leaked in the Deep Web at that time.

The software-as-a-service (SaaS) company had denied that a hacking incident took place at first, but admitted to it a day after the news broke.

We have looked at the compromised sites closely. It appears that they were taken over to host spammy content with links at first, and then, based on their current behavior now, became intermediary URLs to the final destination, which is the .tk site that we have pointed out earlier.

Below is a captured screenshot of an intermediary URL with its spammy content c/o Google cache:

intermediaryclick to enlarge

In addition, we have determined that other than the search string we have noted above, there are also other strings that, when used, can yield results that lead to the same .tk site.

Below is just a short list that we were able to compile and test so far. We’re positive that there are more floating around, so be careful when clicking links while using any of these strings:

  • app to track where your phone is
  • remote install cell phone spyware reviews
  • tracking facebook login videos
  • track blackberry with bbm pin
  • free text spyware yahoo
  • how to have text messages forwarded to email do i get
  • cell phone finder app yahoo
  • spy on cell phone test messages free 500mb
  • phone tracking apps youtube
  • iphone monitoring parents
  • how to spy on someone iphone live
  • phone tracking software free 100
  • cell phone tracker apps zedge
  • track into facebook inbox passwords
  • spy on texts quest
  • app to track lost android phone
  • child phone tracker 5s
  • spy films com

According to statistics from Alexa, trackphone[DOT]tk is currently within the top 15 .tk sites on the Web, and that the mSpy domain has been accessed by users via this .tk site, which is second only to direct Google searches. This amount of traffic is likely due to the compromised sites.

Web admins, do take care to beef up the security of the sites you are managing to avoid being taken over by hackers. Internet users, be extra vigilant in keeping security in mind when visiting links from search lookups.

For others who are contemplating on using tools similar to mSpy, especially if you’re a parent, we implore that you think this through carefully before using it, because you may inadvertently expose your child to harm more than good this way.

Jovi Umawing (Thanks to Steven)