Cybercriminals are using malicious Chrome extensions to steal Facebook login information in a recent operation.
The reports shared by Malwarebytes Labs also stated that sponsored posts and accounts impersonating Meta/Facebook’s Ads Manager have become more prevalent.
With a focus on Facebook advertising accounts, threat actors like DuckTail, which have been active for a while, have been watched and investigated by Meta.
“In total, we identified over 20 different malicious Facebook Ad Manager archives that installed Chrome extensions or instead went with traditional malware executables”, Malwarebytes reports.
Over 800 victims have been reported globally, including 310 in the US.
Researchers explain that once the MSI installer is finished, the batch script is run, and it effectively creates a new browser window that is started with the custom extension from the previous installation path and directs the victim to the Facebook login page.
“Malicious Google Chrome extensions are used to steal and extract login information,” researchers said.
“That custom extension is cleverly disguised as Google Translate and is considered ‘Unpacked’ because it was loaded from the local computer, rather than the Chrome Web Store,” researchers explain.
In reality, the code is wholly targeted at Facebook and obtaining crucial data bits enabling an attacker to log into accounts.
The threat actors’ interest in Facebook cookies, which they seek through cookies.getAll technique.
Scammers used verified accounts to purchase advertising from Meta. To handle their advertising with a “more professional and secure tool,” they were attempting to persuade potential victims to download software.
“These fraudulent accounts often have tens of thousands of followers and any of their posts can quickly become viral.
Scammers are primarily targeting business users who may spend ad dollars on the platform”, researchers said.
The initial step in compromising those accounts is to drive potential victims to external websites.
The Facebook Ads Manager program, promoted via a download link, serves as the lure.
Businesses may be enticed to optimize their Facebook ad campaigns by clicking on specific postings and installing programs that claim to boost their revenue.
This is an extremely risky practice, even if the instructions promise that the program is secure and malware-free.
As a result, if you downloaded one of those malicious Facebook Ad Manager installers, you should withdraw access to unfamiliar users from their Business Manager account profile that the fraudsters may have created and analyze their transaction history.
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…