Tuesday, May 28, 2024

Malicious Facebook Messenger Chatbots Steal Facebook Pages User’s Credentials

As part of a new phishing attack, impersonating the company’s customer support team using Facebook Messenger chatbots, attackers are trying to steal Facebook credentials for managing specific pages on the site.

The idea behind a chatbot is that it can be used as a substitute for live staff. Chatbots often perform tasks like answering simple questions to customers (or triaging their cases) before passing them along to the person in charge.

It is common practice among marketers and customer service representatives to use chatbots for marketing purposes. 

However, recently, the Trustwave Labs team has detected a very innovative way for hackers to steal the credentials of Facebook page managers. In this case, hackers are using malicious chatbots to steal the credentials of Facebook page managers.

Malicious Facebook Messenger chatbots

The phishing attack is launched by means of an email message. The email notifies the target that their Facebook page has infringed the Community Standards and their page will be taken down unless they appeal the decision within 48 hours.

Facebook users have likely heard of the social networking site cracking down on violators of its rules, so this claim may have resonance with them.

Several errors have been spotted in the message, including the following:- 

  • A mistake in capitalization was made when writing the word “Page”
  • The third sentence has a missing dot at the end

Attack flow

There has been a recent trend to use such typographical errors as indicators that a message is not genuine. In order to access the Facebook Support center, the user must click on the “Appeal Now” button shown above in order to find the page where they can implore the problem.

In order to access the Facebook customer support center, the victim needs to click on that button, which accesses a conversation with an automated chatbot on Messenger.

A standard business page with no followers and no posts is associated with the chatbot on Facebook. Victims would see the following message if they checked the profile:-

  • “Very responsive to messages” 

The above message clearly indicates that the page is actively used and quick to respond.

On the primary phishing page, users are asked to provide the following information if they wish to appeal the page deletion decision:- 

  • Email address
  • Full name
  • Page name
  • Phone number

During the completion of submitting the data and pressing the “Submit” button, a popup appears in which the account password is requested to proceed further. 

Once all the information is acquired, through a POST request all the collected data is then sent to the database that is under the control of the threat actor.

On the final point, the threat actors encourage the victim to enter the OTP that is received through SMS on a fake 2FA page. It is not a legitimate form of submission, since it accepts anything, so it merely serves to give the whole process an air of genuineness.

Once the verification is complete, the victims are directed to an actual Facebook page that contains information regarding intellectual property policy and copyright policies.

To steal credentials from organizations, cyber-threat actors are increasingly using chatbots as part of their phishing attacks. Many sites use automated chatbots and AI to improve their support pages, which makes it difficult to detect these scams.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.


Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles