One of the advantages and disadvantages of social media platforms like Facebook is that anyone can send messages. Most of the time, these unsolicited messages come from old classmates or friends, but sometimes they come from hackers.
As reported by BleepingComputer, hackers use a large network of fake or hacked Facebook accounts with the ultimate goal of tricking people into installing password-stealing malware phishing messages.
This new campaign, discovered by Guardio Labs, specifically targets Facebook Business accounts, but emphasizes the risks of opening and responding to unsolicited messages on Facebook and other social media platforms It highlights the risks of opening and responding to unsolicited messages on Facebook and other social media platforms.
Like other phishing campaigns identified in the past, this campaign uses copyright violation notices to attract the attention of vulnerable business owners. However, information about the specific products the business sells is another lure used in this campaign.
After the initial message, the hacker sends a batch file as a RAR or ZIP attachment, hoping that unsuspecting users will download and launch it. The batch file then retrieves the malware dropper from GitHub and infects the system with password-stealing malware.
Along with the payload, the batch file also downloads a standalone Python environment, which it runs each time the system boots, allowing the malware to gain a foothold on the infected computer.Guardio Labs' blog detailing its findings As the post points out, the payload has five layers of obfuscation, making it difficult for even the best antivirus software to detect.
After infecting a vulnerable computer, the malware used in this campaign collects all cookie and login data stored in the victim's browser. This information is compiled into a ZIP file and sent back to the hacker responsible using the Telegram and Discord bot APIs. However, the malware goes a step further and erases all cookies from the victim's computer and logs them out of their account. This gives the hacker the time needed to change the passwords to all of the victim's accounts and take over.
According to researchers at Guardio Labs, approximately 100,000 phishing messages are sent each week targeting Facebook users in North America, Europe, Australia, Japan, and Southeast Asia. To make matters worse, 7% of all Facebook Business accounts are targeted, but only 0.4% download malicious files to infect them with malware.
As with checking the inbox, extreme caution should be exercised when dealing with messages from unknown senders on Facebook and other social media sites.
To determine if a message is genuine, you need to watch for red flags such as misspellings, poor grammar, and urgency. The last one is the most important, as hackers will often try to play on your emotions to get you to click on a message or download an attachment that was sent.
In the above campaign, hackers used fake copyright infringement as a means of creating a sense of urgency. Facebook Business users worried about being hit with a copyright lawsuit might download and open the attached batch file without thinking twice. Even if you are not a business owner, you should not open attachments or images sent to you by strangers on social media. [Malware can often evade antivirus software. For this reason, you may want to invest in the best identity theft protection services to help you recover any financial losses suffered as a result of scams or online fraud.
According to Statista, Facebook remains one of the most popular social media platforms, with 3 billion users worldwide as of August of this year. Unfortunately, its massive size and user base means that it will likely remain a treasure trove for hackers. But it is up to you to read the messages carefully and avoid opening or replying to anything that appears to be from a hacker.
.
Comments