Wednesday, May 22, 2024

Facebook ads Abused to Steal 615000+ Logins in Phishing Campaign

Facebook ads and Github pages seem to be the latest route opted for by cybersecurity attackers to phish for and steal credentials of Facebook users.

Researchers at Nepalese cybersecurity firm, Threat Nix, have uncovered a wide spread campaign targeted at Nepal, Philippines, Egypt and several other countries.

It is anticipated that this campaign may have already hit at least 50 countries and over 615,000 users, and a number of victims seems to be increasing at a rapid pace of 100 victims per minute.

This campaign was first discovered by the researchers when they noticed a sponsored Facebook post offering 3GB mobile data from a Nepalese telecom provider.

Once the ad was clicked on, it led to a phishing site hosted on a Github page. These pages mimicked the original page greatly and were almost impossible to tell the difference between the original and fake pages.

https://threatnix.io/blog/wp-content/uploads/2020/12/image-5.png

How does the attack work?

The phishing sites mimicked the Facebook login page and stole the unsuspecting victims’ credentials and then that would reach two endpoints, one to a Firestore database and another to a domain owned by the phishing group.

Though Facebook does a great deal to ensure such phishing pages are denied for ads, in this case, the attackers were smart and managed to find a loophole in the process. They used Bitly’s links which would point to a non-hostile page and once the ad was approved, it was modified to that of the phishing page.

https://threatnix.io/blog/wp-content/uploads/2020/12/image-6-1024x562.png

Almost 500 Github repositories containing phishing pages were discovered. It is possible that similar tactics were used earlier as the earliest of these pages dates back to 5 months, and some of the repositories were deleted.

The domain is registered and hosted at GoDaddy and was registered on 3rd April 2020.Four other domains have also been identified and linked with this scam.

Threat Nix is working with the concerned authorities to track these attackers and take down the malicious phishing pages. No further details have been released yet as this an ongoing investigation.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

Hackers Claiming Access to Qatar National Bank Database

A group of hackers has claimed to have accessed the database of Qatar National...

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains...

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles