Saturday, November 2, 2024
HomeFACEBOOKMalicious Facebook Messenger Chatbots Steal Facebook Pages User's Credentials

Malicious Facebook Messenger Chatbots Steal Facebook Pages User’s Credentials

Published on

Malware protection

As part of a new phishing attack, impersonating the company’s customer support team using Facebook Messenger chatbots, attackers are trying to steal Facebook credentials for managing specific pages on the site.

The idea behind a chatbot is that it can be used as a substitute for live staff. Chatbots often perform tasks like answering simple questions to customers (or triaging their cases) before passing them along to the person in charge.

It is common practice among marketers and customer service representatives to use chatbots for marketing purposes. 

- Advertisement - SIEM as a Service

However, recently, the Trustwave Labs team has detected a very innovative way for hackers to steal the credentials of Facebook page managers. In this case, hackers are using malicious chatbots to steal the credentials of Facebook page managers.

Malicious Facebook Messenger chatbots

The phishing attack is launched by means of an email message. The email notifies the target that their Facebook page has infringed the Community Standards and their page will be taken down unless they appeal the decision within 48 hours.

Facebook users have likely heard of the social networking site cracking down on violators of its rules, so this claim may have resonance with them.

Several errors have been spotted in the message, including the following:- 

  • A mistake in capitalization was made when writing the word “Page”
  • The third sentence has a missing dot at the end

Attack flow

There has been a recent trend to use such typographical errors as indicators that a message is not genuine. In order to access the Facebook Support center, the user must click on the “Appeal Now” button shown above in order to find the page where they can implore the problem.

In order to access the Facebook customer support center, the victim needs to click on that button, which accesses a conversation with an automated chatbot on Messenger.

A standard business page with no followers and no posts is associated with the chatbot on Facebook. Victims would see the following message if they checked the profile:-

  • “Very responsive to messages” 

The above message clearly indicates that the page is actively used and quick to respond.

On the primary phishing page, users are asked to provide the following information if they wish to appeal the page deletion decision:- 

  • Email address
  • Full name
  • Page name
  • Phone number

During the completion of submitting the data and pressing the “Submit” button, a popup appears in which the account password is requested to proceed further. 

Once all the information is acquired, through a POST request all the collected data is then sent to the database that is under the control of the threat actor.

On the final point, the threat actors encourage the victim to enter the OTP that is received through SMS on a fake 2FA page. It is not a legitimate form of submission, since it accepts anything, so it merely serves to give the whole process an air of genuineness.

Once the verification is complete, the victims are directed to an actual Facebook page that contains information regarding intellectual property policy and copyright policies.

To steal credentials from organizations, cyber-threat actors are increasingly using chatbots as part of their phishing attacks. Many sites use automated chatbots and AI to improve their support pages, which makes it difficult to detect these scams.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...

North Korean Hackers Abusing Facebook & MS Management Console

The North Korean hacking group known as Kimsuky has been reported to employ sophisticated...

Hackers Hijack Facebook Pages to Mimic AI Brands & Inject Malware

Hackers have been found hijacking Facebook pages to impersonate popular AI brands, thereby injecting...