Cybercriminals exploit Facebook users in Bangladesh and beyond


A recent report by Dismislab, an independent research organization, has revealed a disturbing surge in cybercrime targeting Facebook users worldwide, including Bangladesh. Unscrupulous hackers are utilizing deceptive strategies to trick users into downloading seemingly legitimate tools such as Facebook Ad Manager and Google Bard, but these tools are, in fact, vehicles for harmful malware that infects users’ devices.

The report highlights the alarming trend of hackers focusing on page administrators and digital marketing professionals who frequently advertise on Facebook. The primary motives behind these fraudulent schemes are financial gain and the theft of personal information used for advertising purposes.

Dismislab carefully analyzed data from 58 Facebook pages over the past two months to uncover the nature, motives, methods, financial incentives, and origins of these fraudulent campaigns. The findings indicate that a majority of these campaigns originate from the Philippines and Vietnam, affecting users in several countries, including Bangladesh.

The modus operandi of hackers begins with the creation of seemingly credible websites, incorporating keywords like Meta, Ad Manager, Google Bard, or AI in the URL. They then either create new Facebook pages with similar names or hack existing ones, altering their titles to deceive users. These fraudulent pages are promoted through Facebook, luring unsuspecting users to click on malicious links.
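As an added illustration (not part of the Dismislab report or this article), here is a link check that a team managing Facebook pages could run over URLs seen in ads or messages. It flags links that use the lure keywords named above on a host outside an allowlist. The allowlist, function names and sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of vendor-owned domains (extend for your environment).
OFFICIAL_DOMAINS = ("facebook.com", "meta.com", "google.com")
# Lure keywords named in the article; short ones match whole tokens only,
# so "ai" does not fire on "mail" or "campaign".
TOKEN_KEYWORDS = {"meta", "google", "bard", "ai"}
# "Ad Manager" may be written admanager, ad-manager, ads_manager, ...
AD_MANAGER = re.compile(r"ads?manager")


def is_official(host):
    """True if host is an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def lure_keywords(url):
    """Return the sorted lure keywords found in a URL on a non-official host."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host or is_official(host):
        return []
    text = (host + parts.path).lower()
    tokens = set(re.split(r"[^a-z0-9]+", text))
    hits = TOKEN_KEYWORDS & tokens
    # Strip separators so hyphenated or dotted spellings still match.
    if AD_MANAGER.search(re.sub(r"[^a-z0-9]", "", text)):
        hits.add("ad manager")
    return sorted(hits)


# Constructed sample URLs (reserved .example names, not real indicators).
SAMPLES = [
    "https://meta-ads-manager.example/download",
    "https://google-bard-ai.example/setup.zip",
    "https://business.facebook.com.ads-manager.example/login",
    "https://www.facebook.com/business/tools/ads-manager",
    "https://mail.example/inbox",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, lure_keywords(u))
```

A hit means the link deserves a closer look before anyone downloads from it; it is a triage signal, not proof that the site is malicious.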

Once users fall for the enticing download link on the website, malware is surreptitiously installed on their devices, exposing them to various security risks. The malicious software stealthily collects sensitive personal information, including passwords, and may bombard the user’s device with intrusive ads. Moreover, the malware can disable the computer’s firewall, granting hackers access to users’ Facebook pages, which are exploited to promote fraudulent posts and ads.

According to experts cited in the Dismislab report, financial incentives drive these hacking campaigns. After gaining access to compromised Facebook pages, hackers embezzle advertising funds from Business Manager and promote their deceptive posts using victims’ accounts. Additionally, hackers exploit users’ devices by installing adware to generate profits. The stolen user information is also sold to third parties, exacerbating the dangers of these attacks. The primary targets of these hacking attempts are administrators of large Facebook pages that actively advertise products or services.

The report includes harrowing accounts of victims who have fallen prey to these hacking attempts, such as Adarsha, a prominent Bangladeshi publishing house that had its verified Facebook page hijacked. Hackers edited Adarsha’s posts, replaced them with ads, and even changed the page’s name and cover photo.

The malware identified in the report, including Trojan-PSW.Agent.BP and Win32.Trojan.Tedy, is specifically designed to steal sensitive information, particularly passwords, and send it to the attackers. Some of the malware also functions as adware, inundating users with intrusive pop-up ads and significantly slowing down their devices.

Minhaj Aman, Research Lead at Dismislab, emphasized the evolving nature of this vicious hacking strategy, stating that hackers are experimenting with different AI tools and even associating harmful malware with adult content.

In response to these threats, Aman advises users not to click on anything randomly in their newsfeed and urges caution, especially for those with business pages on social media platforms like Facebook.

The report also highlights the financial losses suffered by victims such as digital marketing agencies and page administrators. Recovering hacked pages is often a challenging and uncertain process, with attempts to regain control taking considerable time and effort.

While Facebook has taken measures to combat these hacking attempts by removing several pages and suspending websites, the report stresses that hackers persist in evolving their tactics to evade countermeasures. As such, users must remain vigilant and take appropriate precautions to protect themselves and their pages from these cyber threats.

