Wednesday, July 24, 2024

Malicious Chrome Extension Steals Businesses Ads Manager Login Details

Cybercriminals are using malicious Chrome extensions to steal Facebook login information in a recent operation.

The reports shared by Malwarebytes Labs also stated that sponsored posts and accounts impersonating Meta/Facebook’s Ads Manager have become more prevalent.

With a focus on Facebook advertising accounts, threat actors like DuckTail, which have been active for a while, have been watched and investigated by Meta.

“In total, we identified over 20 different malicious Facebook Ad Manager archives that installed Chrome extensions or instead went with traditional malware executables”, Malwarebytes reports.

Over 800 victims have been reported globally, including 310 in the US.

Malicious Chrome Extension

Researchers explain that once the MSI installer is finished, the batch script is run, and it effectively creates a new browser window that is started with the custom extension from the previous installation path and directs the victim to the Facebook login page.

“Malicious Google Chrome extensions are used to steal and extract login information,” researchers said.

Malicious Extension

“That custom extension is cleverly disguised as Google Translate and is considered ‘Unpacked’ because it was loaded from the local computer, rather than the Chrome Web Store,” researchers explain.

Quick hex obfuscation to hide

In reality, the code is wholly targeted at Facebook and obtaining crucial data bits enabling an attacker to log into accounts.

The threat actors’ interest in Facebook cookies, which they seek through cookies.getAll technique.

Fake Ads Manager Accounts

Scammers used verified accounts to purchase advertising from Meta. To handle their advertising with a “more professional and secure tool,” they were attempting to persuade potential victims to download software.

“These fraudulent accounts often have tens of thousands of followers and any of their posts can quickly become viral.

Scammers are primarily targeting business users who may spend ad dollars on the platform”, researchers said.

The initial step in compromising those accounts is to drive potential victims to external websites.

The Facebook Ads Manager program, promoted via a download link, serves as the lure.

Final Thoughts

Businesses may be enticed to optimize their Facebook ad campaigns by clicking on specific postings and installing programs that claim to boost their revenue.

This is an extremely risky practice, even if the instructions promise that the program is secure and malware-free.

As a result, if you downloaded one of those malicious Facebook Ad Manager installers, you should withdraw access to unfamiliar users from their Business Manager account profile that the fraudsters may have created and analyze their transaction history.


Latest articles

ShadowRoot Ransomware Attacking Organizations With Weaponized PDF Documents

A rudimentary ransomware targets Turkish businesses through phishing emails with ".ru" domain sender addresses....

BreachForumsV1 Database Leaked: Private messages, Emails & IP Exposed

BreachForumsV1, a notorious online platform for facilitating illegal activities, has reportedly suffered a massive...

250 Million Hamster Kombat Players Targeted Via Android And Windows Malware

Despite having simple gameplay, the new Telegram clicker game Hamster Kombat has become very...

Beware Of Malicious Python Packages That Steal Users Sensitive Data

Malicious Python packages uploaded by "dsfsdfds" to PyPI infiltrated user systems by exfiltrating sensitive...

Chinese Hackers Using Shared Framework To Create Multi-Platform Malware

Shared frameworks are often prone to hackers' abuses as they have been built into...

BlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack

A significant vulnerability was discovered in BlueStacks, the world's fastest Android emulator and cloud...

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles