Security News

Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. The researchers report roughly 100,000 phishing messages per week, sent mainly to Facebook users in North America, Europe, Australia, Japan, and Southeast Asia.​. Guardio Labs reports that the scale of the campaign is such that approximately 7% of all of Facebook's business accounts have been targeted, with 0.4% having downloaded the malicious archive.

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "Swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods," Guardio Labs researcher Oleg Zaytsev said in an analysis published over the weekend.

"And with businesses now leveraging the reach of social media for advertising, attackers have a new, highly-lucrative type of attack to add to their arsenal - hijacking business accounts." Cyber attacks targeting Meta Business and Facebook accounts have gained popularity over the past year, courtesy of activity clusters such as Ducktail and NodeStealer that are known to raid businesses and individuals operating on Facebook.

Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts.The attackers chained a flaw dubbed "PhishForce," to bypass Salesforce's sender verification safeguards and quirks in Facebook's web games platform to mass-send phishing emails.

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. What makes the attack notable is that the phishing kit is hosted as a game under the Facebook apps platform using the domain apps.

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. NodeStealer was first exposed by Meta in May 2023, describing it as a stealer capable of harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts.

The Norwegian Data Protection Authority, the country's data privacy watchdog, has banned behavioral advertising on Meta's Facebook and Instagram social networks. Meta extensively monitors the users' actions, meticulously tracking their activities across its platforms, according to the Norwegian DPA. The company uses content preferences, the info they post on Facebook and Instagram, and their location information to build personalized profiles that simplify targeted advertising, a tactic commonly known as behavioral advertising.

While trends in phishing frequently evolve, Facebook and Microsoft's collective dominance as the most spoofed brands continues, according to Vade. Facebook and Microsoft's collective dominance as the most spoofed brands continued into H1 2023, with the former accounting for 18% of all phishing URLs and the latter accounting for 15%. Microsoft experienced increase in spoofing attempts.

New Jersey cops must apply for a wiretap order - not just a warrant - for near-continual snooping on suspects' Facebook accounts, according to a unanimous ruling by that US state's Supreme Court. "We also find that the nearly contemporaneous acquisition of electronic communications here is the functional equivalent of wiretap surveillance and is therefore entitled to greater constitutional protection."

Facebook discovered a new information-stealing malware distributed on Meta called 'NodeStealer,' allowing threat actors to steal browser cookies to hijack accounts on the platform, as well as Gmail and Outlook accounts. As Facebook's security team explains in a new blog post, it identified NodeStealer early in its distribution campaign, only two weeks after its initial deployment.