Tag Archive for: META

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices



Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry.

The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices.

“Their various malware included capabilities to collect and access device information, location, photos and media, contacts, calendar, email, SMS, social media, and messaging apps, and enable microphone, camera, and screenshot functionality,” the company said.

The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries.

These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch and Telegram.

Specifically, a network of fictitious personas linked to RCS Labs, which is owned by Cy4Gate, is said to have tricked users into providing their phone numbers and email addresses, in addition to clicking on bogus links for conducting reconnaissance.

Another set of now-removed Facebook and Instagram accounts associated with Spanish spyware vendor Variston IT was employed for exploit development and testing, including sharing of malicious links. Last week, reports emerged that the company is shutting down its operations.


Meta also said it identified accounts used by Negg Group to test the delivery of its spyware, as well as by Mollitiam Industries, a Spanish firm that advertises a data collection service and spyware targeting Windows, macOS, and Android, to scrape public information.

Elsewhere, the social media giant took action against networks from China, Myanmar, and Ukraine exhibiting coordinated inauthentic behavior (CIB) by removing over 2,000 accounts, Pages, and Groups from Facebook and Instagram.

While the Chinese cluster targeted U.S. audiences with content related to criticism of U.S. foreign policy towards…


Meta says it locked pro-Palestinian accounts after signs of security compromise


Palestinians take part in a protest in support of the people of Gaza, as the conflict between Israel and Palestinian Islamist group Hamas continues, in Hebron, in the Israeli-occupied West Bank, October 25, 2023.

Mussa Issa Qawasma | Reuters

Meta, the owner of Instagram and Facebook, said Wednesday that its security staff had detected a possible hacking attempt on pro-Palestinian accounts with millions of followers and locked the accounts while it tries to reach the account owners. 

The account @eye.on.palestine had more than 6 million followers on Instagram before it suddenly went dark Wednesday, according to an archived description on Google’s search engine. A backup account, @eye.on.palestine2, was also unavailable Wednesday, as were a related Facebook account and a Threads account. 

The accounts focused on posting media from Gaza, including videos and images of injured people. The material was generally unverified by international journalists. It’s not clear who or how many people posted to the pages. 

When they were visited Wednesday, the Instagram pages returned the message: “Sorry, this page isn’t available.” 

The disruption to the accounts has sparked anger among followers. In posts on X, some followers interpreted the disappearance of the pages as an example of anti-Palestinian censorship. 

But Meta said late Wednesday that it had disabled the accounts because of security concerns. 

“These accounts were initially locked for security reasons after signs of compromise, and we’re working to make contact with the account owners to ensure they have access,” Meta spokesperson Andy Stone said in a statement. 

“We did not disable these accounts because of any content they were sharing,” he said. 

Stone didn’t provide any other details about Meta’s investigation into the signs of compromise. He said the investigation was continuing. 

The account owners couldn’t be reached by NBC News for comment Wednesday, including by email.

In an update Thursday morning, Stone said the company had been able to reach the accounts’ administrators and that the accounts would be able to reactivate.

“These accounts were initially locked for security reasons after signs of compromise,” Stone said in a…


Hackers Impersonate Meta Recruiter to Target Aerospace Firm


Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Social Engineering

Lazarus Deploys New Backdoor to Target Aerospace Firm


Researchers discovered an undocumented backdoor named LightlessCan being used by the North Korea-backed Lazarus Group to target a Spanish aerospace company.


ESET researchers said an employee of the aerospace firm was lured with a fake job opportunity. The attacker masqueraded as a Meta recruiter and tricked the victim into downloading and executing malicious code on a company device.

The hackers obtained initial access to the company’s network last year through a successful spear-phishing campaign in which they masqueraded as a recruiter for Meta.

The ongoing attack campaign, called “Operation DreamJob,” is run by Lazarus. In it, a fake recruiter reaches out to the victim via LinkedIn and sends two coding challenges required as part of the hiring process.

“The most worrying aspect of the attack is the new type of payload, LightlessCan, a complex and possibly evolving tool that exhibits a high level of sophistication in its design and operation, representing a significant advancement in malicious capabilities compared to its predecessor, BlindingCan,” researchers said.

Recently, federal authorities warned of “significant risk” for potential attacks on healthcare and public health sector entities by the Lazarus group involving exploitation of a critical vulnerability in 24 ManageEngine IT management tools from Zoho.

The alert issued by the U.S. Department of Health and Human Services’ Health Sector…


Meta warns of ChatGPT malware on Facebook – Global Village Space


AI Tools: The New Weapon for Malware Attacks

Artificial Intelligence (AI) has become a buzzword in the tech industry, and it seems that everyone is obsessed with it, including hackers. In a recent security report released by Facebook’s parent company, Meta, the company’s security team has been tracking new malware threats that weaponize the current AI trend.

Meta claims that it has discovered “around ten new malware families” that are using AI chatbot tools like OpenAI’s popular ChatGPT to hack into users’ accounts. One of the more pressing schemes, according to Meta, is the proliferation of malicious web browser extensions that appear to offer ChatGPT functionality. Users download these extensions for Chrome or Firefox, for example, in order to use AI chatbot functionality. Some of these extensions even work and provide the advertised chatbot features. However, the extensions also contain malware that can access a user’s device.

According to Meta, it has discovered more than 1,000 unique URLs that offer malware disguised as ChatGPT or other AI-related tools and has blocked them from being shared on Facebook, Instagram, and WhatsApp. Once a user downloads malware, bad actors can immediately launch their attack, and they are constantly updating their methods to get around security protocols. In one example, bad actors were able to quickly automate the process of taking over business accounts and granting themselves advertising permissions.

Meta says it has reported the malicious links to the various domain registrars and hosting providers that are used by these bad actors. However, this is just the tip of the iceberg. Hackers are constantly evolving their tactics and using AI tools to make their attacks more sophisticated and harder to detect.

The use of AI in malware attacks is not new. In fact, it has been around for some time now. Hackers have been using machine learning algorithms to create more effective malware that can evade traditional security measures. They can also use AI to automate their attacks, making them faster and more efficient.

One of the most significant risks associated with AI-powered malware is that it can learn and…
