SilentFade malware stole Facebook credentials, $4 million in ad fraud


Facebook claims that a Chinese company is responsible for operating SilentFade malware and the malicious ad-fraud campaign.


Facebook’s security experts discovered a sophisticated Chinese-sponsored malware campaign stealing millions of dollars from users through SilentFade malware in 2018.  


Facebook’s security team successfully shut down the malicious scheme and shared the scam’s full details at last week’s Virus Bulletin 2020 security conference.


The social network’s security researchers Sanchit Karve and Jennifer Urgilez revealed that the campaign was most active from late 2018 to February 2019 but may have been operational since 2016.


SilentFade is short for “Silently running Facebook Ads with Exploits”. The malware can steal Facebook credentials and web browser cookies. It helped hackers siphon $4 million from users’ advertising accounts.

According to Facebook’s security team, the attackers hijacked users’ Facebook accounts through malware and used them for purchasing ads on behalf of the users. Facebook’s team also noted that the malware wasn’t limited to Facebook only. Its operations were noticed in December 2018 when suddenly there was an increase in suspicious traffic around several Facebook endpoints. 



A sample carousel of ads run by accounts infected by SilentFade malware



During their investigation, Facebook’s team identified various interesting techniques that the malware used for compromising user accounts. The main objective was to commit ad fraud by running ad campaigns, sometimes for pharmaceutical pills and sometimes featuring fake celebrity endorsements.


Moreover, the malware’s initial attack vector wasn’t Facebook or its products, as it came bundled with PUPs (potentially unwanted programs). Since all Chromium and Firefox browsers store cookies and credentials in SQLite databases, malware running on an infected endpoin ..
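Because the cookie and credential stores are ordinary files in the browser profile, one defensive check is to alert when a process other than the browser opens them. The sketch below is an added example, not code from Facebook's research or the original article; the event schema (`image`, `pid`, `target`), the trusted install paths and the sample events are constructed assumptions.

```python
import ntpath

# SQLite stores holding cookies and saved logins
# (Chromium: Cookies, Login Data; Firefox: cookies.sqlite).
STORE_NAMES = {"cookies", "login data", "cookies.sqlite"}
PROFILE_MARKERS = {"user data", "profiles"}

# Assumption: full paths of the browsers installed on this fleet. Matching the
# whole path, not just the file name, catches a binary that only calls itself
# chrome.exe and runs from a user-writable directory.
TRUSTED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
}

def is_browser_store(path):
    """True if path names a cookie/login store inside a browser profile tree."""
    parts = ntpath.normpath(path).lower().split("\\")
    return parts[-1] in STORE_NAMES and any(p in PROFILE_MARKERS for p in parts)

def suspicious_accesses(events):
    """Return events where a non-trusted image opened a browser store."""
    hits = []
    for ev in events:
        image = ntpath.normpath(ev["image"]).lower()
        if is_browser_store(ev["target"]) and image not in TRUSTED_IMAGES:
            hits.append(ev)
    return hits

# Constructed sample events (hypothetical schema: image, pid, target).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "pid": 4120,
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\setup_helper.exe", "pid": 7788,
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Users\alice\AppData\Roaming\chrome.exe", "pid": 7790,
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\cookies.sqlite"},
    {"image": r"C:\Windows\System32\notepad.exe", "pid": 900,
     "target": r"C:\Users\alice\Documents\cookies.txt"},
]

if __name__ == "__main__":
    for ev in suspicious_accesses(SAMPLE_EVENTS):
        print(f"ALERT pid={ev['pid']} {ev['image']} -> {ev['target']}")
```

In practice the trusted list also needs entries for backup and endpoint-protection agents that legitimately read profile directories.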
