Security experts from Facebook disclosed details about “SilentFade,” a sophisticated malware campaign linked to Chinese actors that targeted Facebook’s ad platform between late 2018 and February 2019. At a security conference, the researchers stated that SilentFade exploited a vulnerability in Facebook’s ad platform, using a combination of a Windows Trojan and browser injections to stay undetected; the vulnerability was patched soon after. Facebook also took legal action against the threat group in December 2019.
The hacker group used a Trojan to compromise users’ browsers and steal passwords and browser cookies, eventually obtaining authorized access to their Facebook accounts. They mainly targeted accounts that had a payment method linked to their profiles. The malware campaign ran ads from compromised Facebook accounts and used cloaking elements to escape detection.
“Our investigation uncovered a number of interesting techniques used to compromise people with the goal to commit ad fraud. The attackers primarily ran malicious ad campaigns, often in the form of advertising pharmaceutical pills and spam with fake celebrity endorsements. The attackers also created detection challenges. They cloaked their landing pages and made purchases appear valid by using the legitimate credit cards and PayPal accounts linked to the compromised user accounts. Industry investigators are rarely able to see an end-to-end picture of credential compromise directly leading to abuse on a particular platform,” the researchers said.
Facebook Takes Down Hundreds of Fake Accounts
Recently, Facebook took down two separate networks that originated from China and the Philippines for violating its Coordinated Inauthentic Behavior (CIB) policy. In an official release, the social networking giant stated that it had removed 155 fake accounts, 11 pages, 9 groups, and 6 Instagram accounts for breaching its guidelines against foreign or government interference. Facebook stated that state-sponsored actors from China were using these accounts to influence public opinion across the Philippines, the U.S., and Southeast Asia. The actors behind this network posted global news and current events in Chinese, Filipino, and English.