A 2016 Facebook malware campaign, known to use a combination of Windows trojan, browser injections, clever scripting and a bug in the social network’s platform, has resurfaced in India, targeting millions of users, a new report warned on Monday.
According to an investigation by cyber security firm Kaspersky, India ranks first with 603 infections in January on the list of infected countries by this particular malware.
Brazil (255 infections) and Indonesia (221) followed at second and third position.
The social media malware campaign, run by a hacker group known as SilentFade gang in 2016, was a very sophisticated and rare modus operandi to target Facebook users.
Facebook had revealed that the group managed to defraud infected users of more than $4 million, which they used to post malicious ads across the social network.
Kaspersky experts recently recorded Frank rootkit and after having it analysed, they found it has many similarities to the campaign run by the SilentFade gang.
A rootkit is cloaked software that infiltrates an operating system or a database with the intention to escape detection, resist removal, and perform a specific operation.
Back in 2016, the purpose of SilentFade’s operations was to infect users with the trojan, hijack the user’s browsers, and steal passwords and browser cookies so as to access their Facebook accounts.
Once the cybercriminals had access, the group searched for accounts that had any type of payment method attached to their target’s profile.
For these accounts, SilentFade bought Facebook ads with the victim’s funds.
Then, the cybercriminals start promoting their ads through the Facebook advertising platform.
Facebook had said that SilentFade was part of a larger trend and a new generation of cybercrime actors that appear to reside in China and have persistently targeted its platform and user base.
“It’s ‘Safer Internet Day’ on February 9, and this year is all about enhancing digital communications and digital transformation. While we celebrate this digitalisation, it is also important to understand the perils of the World Wide Web,” the company said in a statement.
“Cybercriminals primarily make use of social media platforms to target their victims and the easiest way for them to do this is, to show us an ad that we are likely to click on,” it added.
If you have an interesting article / experience / case study to share, please get in touch with us at firstname.lastname@example.org