Tag Archive for: META

Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram


Facebook parent Meta said it thwarted the activity of three advanced persistent threat groups (APTs) in South Asia engaged in cyber espionage as well as six adversarial groups from various global regions engaged in what it deems “inauthentic behavior” on Facebook and other social networks.

The company’s takedown of these and other activities on its platforms points to consistent, globally dispersed exploitative behavior by threat actors, who leverage various online platforms to create elaborate social-engineering campaigns that lure and exploit Internet users, the company said.

In most cases, threat actors are using Facebook and other social networking and media platforms (including Twitter, Telegram, YouTube, Medium, TikTok, and Blogspot) to create various fake online accounts and personas, according to Meta. The attackers used fake identities, including job recruiters, journalists, or even military personnel, to earn credibility with users and legitimate entities so they could engage in malicious threat activity, the company said.

In its Quarterly Adversarial Threat Report released today, Meta detailed these incidents as well as actions it’s now taking to minimize security threats that leverage its platforms.

The report draws on Meta’s security monitoring of its own platforms, as well as monitoring of the Internet overall, to flag malicious activity, which is becoming increasingly dispersed across platforms and geographies and thus harder to track, Nathaniel Gleicher, head of security policy at Meta, told journalists in a briefing on the report May 2.

“These threats are extremely persistent, and that they’re not going anywhere because the threat actors behind them are financially motivated,” he said. “That’s why we see … adversarial adaptation … including malware operators, spreading themselves across many places at once. So each phase of the campaign relies on a different service to survive.”

As part of its work to combat this activity, Meta also plans to release a new tool later this year to help businesses identify malicious activity as well as malware being used by the threat groups…


The Terrifying Malware Targeting Meta Ad Accounts


Ducktail: The Malware Targeting Meta Ad Accounts

It is the malware that’s terrifying digital marketers. It’s called Ducktail — and, with a pinch of social engineering, it can get into your Meta ad accounts and start spending millions of dollars on your company’s credit card.

And if you think two-factor authentication will save you, you’re wrong, because this exploit can even get past hardware keys like Yubico.

It happened to MTA Digital, a performance ad agency in Poland. Paweł Skibiński leads paid social there. They noticed the hack when a colleague was at a workshop, showing their biggest client some of their campaign performance.

Paweł: He saw that something was wrong with the naming of the campaigns. And he [said] “Wait a minute, these are not our campaigns.” Then we just ended the workshop.

The hackers had gotten in, essentially ignoring their two-factor authentication, and started spending. More than a million dollars.

Paweł: It was using a browser plugin — some of the plugins [were] hacked, and they used that to get access.

Tod: But what did the plugin’s functionality purport to do? Like, presumably you didn’t download a plugin for your browser called “Let us into your Facebook account.” What did it pretend to be on its way in?

Paweł: This was some kind of grammar plugin, but it was [one] of the normal ones. So it wasn’t that suspicious…. With some plugins, they want more access to the website than the other ones. 

We now have a very strict list of plugins that we can use on the browser that we are logged into company accounts in.

For example, the TikTok pixel helper, we don’t use it on those accounts, because it just asks for too much. And last time I checked Twitter’s pixel helper — it was like more than two years ago — but at that time, it was also just asking for too much.

Then, they got hacked a second time. But this time, the hackers didn’t even need a browser plugin. Skibiński believes they were able to scrape the two-factor backup codes using an invisible web browser.

This weekend: our full conversation, where Paweł and his colleague go step by step through how they were hacked and what brands and agencies can do to protect themselves from this very scary malware.


Oops! Meta Security Guards Hacked Facebook Users


Facebook parent Meta has disciplined or fired at least 25 workers for allegedly hacking into user accounts. Some of the workers were contract security guards, we’re told.

Wait … disciplined or fired? How were they not all fired? And prosecuted? And how come security guards have access to Facebook’s internal account-recovery tools?

All these questions and more will be asked in today’s SB Blogwatch. Please tell me it’s the weekend tomorrow.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Hello there.

‘Oops’ not Even the Half of It

What’s the craic? Kirsten Grind, Robert McMillan, Salvador Rodriguez and Jim Oberman tag team to report—“Employees, Security Guards Fired for Hijacking User Accounts”:

Workers accepted thousands of dollars in bribes
Meta … has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes. … Some of those fired were contractors who worked as security guards [who] were given access to the Facebook parent’s internal mechanism for employees to help users having trouble with their accounts … known internally as “Oops.”

Oops, an acronym for Online Operations, is supposed to be fairly limited to special cases, like friends, family, business partners and public figures, but its usage has climbed. … In 2020, the channel serviced about 50,270 tasks, up from 22,000 three years earlier.

In some cases workers accepted thousands of dollars in bribes from outside hackers to access user accounts. … Because so many people depend on social media for their businesses, or to manage critically important aspects of their lives, gaining illicit control of an account can be lucrative.

And Aaron Mok runs amok—“Meta reportedly accused dozens of workers”:

Some of the fired workers denied the accusations
As part of an internal investigation, Meta executives reportedly found that some employees were abusing Oops by working with third parties to gain unauthorized access to accounts in exchange for tens of thousands of dollars. … Meta fired dozens of…


Meta Flags Malicious Android, iOS Apps Affecting 1M Facebook Users


Facebook is contacting about 1 million users of its platform about their account details potentially being compromised by malicious Android or iOS applications.

In a blog post on Oct. 7, Facebook’s parent company Meta said its researchers had detected 400 malicious Android and iOS apps over the past year that were designed to steal usernames and passwords belonging to Facebook users and to compromise their accounts. The poisoned apps were uploaded to Google’s and Apple’s app stores and masqueraded as legitimate games, VPN services, photo applications, and other utilities.

When users downloaded and attempted to use one of the malicious apps, it would prompt them to enter their Facebook username and password. If a user entered their credentials, attackers would gain full access to the individual’s account, private information, and their friends on the social media platform, Meta said.

“This is a highly adversarial space, and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” David Agranovich, Meta’s director of threat disruption, and Ryan Victory, malware discovery and detection engineer, wrote in the blog post.

Meta reported the apps to Apple and Google, and the researchers noted, “We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials and are helping them to secure their accounts.”

Posed as Legitimate Apps

Many of the iOS and Android apps that Meta detected on Apple and Google’s mobile stores purported to have some fun or useful functionality, like music players and cartoon image editors. A plurality (42%) posed as photo editors, some of which claimed they could turn a user’s photo into a cartoon. 

About 15% purported to be business utilities, such as VPNs that claimed to help users access blocked content and websites or to boost their Internet browsing speeds; 14% were phone utilities, such as flashlight apps that purportedly helped brighten the phone’s flashlight. 

Mobile games accounted for about 11% of the 400 or so malicious apps that Meta’s researchers discovered. Fake reviews might have…
