Malware is a Growing Issue on Social Media
The hackers using a powerful tool that Facebook calls SilentFade hid themselves from their victims. But they couldn't hide their activity from Facebook, at least not forever. The company noticed in 2018 that someone was turning off almost all notifications on certain user accounts by exploiting a weakness in the social network's code.
The company's malware researchers followed that first clue and found a complex hacking campaign that let attackers place scammy ads using compromised Facebook and Instagram accounts. In technical details released last Thursday, Facebook detailed how attackers carried out the campaign. Since Facebook fixed the bug that let attackers turn off notifications, SilentFade is no longer in use on the company's platforms. But Facebook cybersecurity experts said the company expects similar campaigns to become even more popular with hackers on all social media platforms.
The research found variants of the malware included tools for stealing credentials or session cookies for Facebook, Instagram, Twitter and Amazon.
Nathaniel Gleicher, Facebook's head of cybersecurity policy, said in a press briefing last week that he wants to see more collaboration between antivirus makers and social media platforms. Each has information the other needs to stop this kind of hacking campaign. Social media companies can see unusual account activity on its own platforms, and antivirus companies can see infections spreading on users' devices.
Sharing information would help tamp down the problem faster, Gleicher said. "It would be a strong move in the right direction," he added.
Facebook first went public about the hacking campaign in December, when it sued a company based in Hong Kong and two Chinese nationals for creating the malware behind the attacks. At the time, the company said the campaign compromised hundreds of thousands of accounts, and the company reimbursed more than $4 million in ad payments to users. Facebook said it found that hackers compromised their victims by tricking them into installing SilentFade onto their devices. From there, hackers either stole the victims' Facebook or Instagram passwords or the session cookies that kept users logged into their accounts even when they closed their browsers. On accounts where users had stored a payment method for ads, the attackers used their access to place ads for handbags, sunglasses and diet pills.
In a further level of deception, the hackers used a technique called "cloaking" to hide the true content of the links they were including in the ads.
Rob Leathern, Facebook's business integrity head, said the hackers were looking for ways to make money off their access to Facebook and Instagram accounts. They were either earning commissions through ad affiliate networks, or making money by selling products, he said.
At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all Texas and other states. We provide on premise server support including Microsoft Exchange as well as Cloud computing services and hosted solutions. We specialize project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today at www.dallasnetworkservices.com chat or call 214-696-6630. #DNS#dallasnetworkservices#techsupport#hacker#cybersecurity#MSP