Security News > 2020 > October > Years-Long ‘SilentFade’ Attack Drained Facebook Victims of $4M
Facebook has detailed a wide-scale Chinese malware campaign that targeted its ad platform for years and siphoned $4 million from users' advertising accounts.
Once installed, SilentFade stole Facebook credentials and cookies from various browser credential stores, including Internet Explorer, Chromium and Firefox.
The malware retrieves the metadata about the Facebook account, using the Facebook Graph API, which is a legitimate Facebook feature allowing users to read and write data to and from the Facebook social graph.
While users' Facebook credentials are valuable, users with credit cards linked accounts also gave cybercriminals the ability to use those payment cards to promote malicious ads on Facebook.
"We anticipate more platform-specific malware to appear for platforms serving large and growing audiences, as the evolving ecosystem targeting Facebook demonstrates," said Facebook.