Hackers are taking advantage of Facebook Ads to carry out malicious activities and compromise users’ accounts, according to cybersecurity analysts at Bitdefender. Social media platforms provide fertile ground for financially motivated threat actors to launch large-scale attacks, given their extensive user base and the opportunities to exploit trust and personal information shared by users.
The use of social media platforms allows hackers to craft convincing scams and entice victims into falling for various financial traps. These platforms offer anonymity and global reach, making it challenging to trace and prosecute the threat actors effectively. Bitdefender researchers recently discovered that hackers are actively leveraging Facebook Ads to distribute malware and hack Facebook accounts.
Cybercriminals view ad networks as viable channels to deceive users and achieve their illicit goals. Ad networks offer a prime medium for threat actors to carry out their attacks. Researchers at Bitdefender Labs have closely monitored the exploitation of social media for malvertising, which refers to the use of legitimate ad tools to spread infected links through deceptive tactics.
The attackers aim to hijack Facebook accounts and steal data using malicious software. They misuse ad networks to circulate infected links, often using enticing tricks to lure victims. Bitdefender researchers identified 10 business Facebook accounts that had been hijacked, with the attackers using media files and running 140 malicious ad campaigns. To evade detection, they cycled through five different ads.
The malicious ads prominently featured photos of young women, which would entice victims to download a malicious payload. Each click on the ad would trigger an archive download potentially up to 100,000 times. Some ads even managed to generate 15,000 downloads within a span of 24 hours, primarily affecting males over the age of 45.
NodeStealer, an info-stealer enabling mass account takeovers, was at the heart of this malvertising campaign. The threat actors initially linked to Vietnamese cybercriminals targeted business users via Facebook Messenger, using a custom-built JavaScript tool. NodeStealer is designed to steal cookie sessions and is primarily tailored to exploit vulnerabilities in specific browsers.
To protect against the NodeStealer malware and other similar threats, cybersecurity researchers strongly recommend using a robust security solution. This can help defend against phishing links, malicious attachments, and deceptive ads. Practicing online vigilance and maintaining good cyber hygiene is essential. Users should exercise caution when encountering unsolicited links and refrain from downloading media files from suspicious ads or alarming notices. Additionally, users should be wary of ads suggesting the download of photo albums from platforms like Bitbucket, Gitlab, or Dropbox, as they may potentially contain malware.
In summary, social media platforms provide a fertile environment for financially motivated threat actors to launch large-scale attacks. Hackers are actively exploiting Facebook Ads to distribute malware and hijack user accounts. Bitdefender researchers have closely monitored such malvertising campaigns, which utilize legitimate ad tools to spread infected links. To protect against these threats, users are advised to employ robust security solutions, practice online vigilance, and avoid downloading media files from suspicious ads or alarming notices. By staying informed and adopting proactive cybersecurity measures, users can mitigate the risks associated with social media threats.