Hackers have been detected breaking into popular verified Facebook pages and using them to run ads on the social media behemoth distributing malware.
Social consultant Matt Navarra first spotted the malicious campaign, outlining the danger on Twitter.
Navarra noted whoever is behind the campaign first targeted popular Facebook pages (one of the victims has more than seven million followers and has been active for over a decade). Should they gain access, they would change the page’s name into a variant of Meta (Facebook’s parent company), or Google.
Cheeky scams
Then, they would purchase an ad on the social media network, in which they would target page managers and advertising professionals. “Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.
There are multiple issues with this campaign, Navarra says, including how the accounts were breached, how Facebook allowed the threat actors to change the page’s name into something seemingly related to Meta and keep the blue checkmark, and how they managed to actually buy and run ads which are obviously redirecting the target audience to a shady website, at best.
Facebook has since disabled all of the affected accounts, and shut down the malicious campaigns, TechCrunch further reported. It also said that Facebook pages now show if the page changed its name in the past, and from what, which is a welcome addition to bolster transparency.
“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”
- These are the best firewalls right now
Via: TechCrunch