Friday, November 22, 2024
HomeFACEBOOKMalicious Facebook Messenger Chatbots Steal Facebook Pages User's Credentials

Malicious Facebook Messenger Chatbots Steal Facebook Pages User’s Credentials

Published on

As part of a new phishing attack, impersonating the company’s customer support team using Facebook Messenger chatbots, attackers are trying to steal Facebook credentials for managing specific pages on the site.

The idea behind a chatbot is that it can be used as a substitute for live staff. Chatbots often perform tasks like answering simple questions to customers (or triaging their cases) before passing them along to the person in charge.

It is common practice among marketers and customer service representatives to use chatbots for marketing purposes. 

- Advertisement - SIEM as a Service

However, recently, the Trustwave Labs team has detected a very innovative way for hackers to steal the credentials of Facebook page managers. In this case, hackers are using malicious chatbots to steal the credentials of Facebook page managers.

Malicious Facebook Messenger chatbots

The phishing attack is launched by means of an email message. The email notifies the target that their Facebook page has infringed the Community Standards and their page will be taken down unless they appeal the decision within 48 hours.

Facebook users have likely heard of the social networking site cracking down on violators of its rules, so this claim may have resonance with them.

Several errors have been spotted in the message, including the following:- 

  • A mistake in capitalization was made when writing the word “Page”
  • The third sentence has a missing dot at the end

Attack flow

There has been a recent trend to use such typographical errors as indicators that a message is not genuine. In order to access the Facebook Support center, the user must click on the “Appeal Now” button shown above in order to find the page where they can implore the problem.

In order to access the Facebook customer support center, the victim needs to click on that button, which accesses a conversation with an automated chatbot on Messenger.

A standard business page with no followers and no posts is associated with the chatbot on Facebook. Victims would see the following message if they checked the profile:-

  • “Very responsive to messages” 

The above message clearly indicates that the page is actively used and quick to respond.

On the primary phishing page, users are asked to provide the following information if they wish to appeal the page deletion decision:- 

  • Email address
  • Full name
  • Page name
  • Phone number

During the completion of submitting the data and pressing the “Submit” button, a popup appears in which the account password is requested to proceed further. 

Once all the information is acquired, through a POST request all the collected data is then sent to the database that is under the control of the threat actor.

On the final point, the threat actors encourage the victim to enter the OTP that is received through SMS on a fake 2FA page. It is not a legitimate form of submission, since it accepts anything, so it merely serves to give the whole process an air of genuineness.

Once the verification is complete, the victims are directed to an actual Facebook page that contains information regarding intellectual property policy and copyright policies.

To steal credentials from organizations, cyber-threat actors are increasingly using chatbots as part of their phishing attacks. Many sites use automated chatbots and AI to improve their support pages, which makes it difficult to detect these scams.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...

North Korean Hackers Abusing Facebook & MS Management Console

The North Korean hacking group known as Kimsuky has been reported to employ sophisticated...