Security News

Facebook and Microsoft remain prime targets for spoofing
2023-07-14 03:30

While trends in phishing frequently evolve, Facebook and Microsoft's collective dominance as the most spoofed brands continues, according to Vade. Facebook and Microsoft's collective dominance as the most spoofed brands continued into H1 2023, with the former accounting for 18% of all phishing URLs and the latter accounting for 15%. Microsoft experienced increase in spoofing attempts.

Cops told: Er, no, you need a wiretap order if you want real-time Facebook snooping
2023-06-30 19:40

New Jersey cops must apply for a wiretap order - not just a warrant - for near-continual snooping on suspects' Facebook accounts, according to a unanimous ruling by that US state's Supreme Court. "We also find that the nearly contemporaneous acquisition of electronic communications here is the functional equivalent of wiretap surveillance and is therefore entitled to greater constitutional protection."

Facebook disrupts new NodeStealer information-stealing malware
2023-05-03 18:10

Facebook discovered a new information-stealing malware distributed on Meta called 'NodeStealer,' allowing threat actors to steal browser cookies to hijack accounts on the platform, as well as Gmail and Outlook accounts. As Facebook's security team explains in a new blog post, it identified NodeStealer early in its distribution campaign, only two weeks after its initial deployment.

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
2023-03-23 16:29

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts. The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal.

Fake ChatGPT for Google extension hijacks Facebook accounts
2023-03-23 14:29

A new Chrome extension promising to augment users' Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. In this case, when searching for ChatGPT via Google Search, users are served with a malicious sponsored ad that first redirects them to a fake ChatGPT for Google landing page, and then to the malicious extension on the official Chrome Store.

Bogus ChatGPT extension steals Facebook cookies
2023-03-23 07:29

Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies - but not before more than 9,000 users installed the account-compromising bot. The malicious extension - Chat GPT For Google - is very similar in name and code to the real ChatGPT For Google extension.

Facebook accounts hijacked by new malicious ChatGPT Chrome extension
2023-03-22 16:44

A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts. The extension is a copy of the legitimate popular add-on for Chrome named "ChatGPT for Google" that offers ChatGPT integration on search results.

German political parties accused of microtargeting voters on Facebook
2023-03-22 12:31

Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log records from the extension that claim six of Germany's political parties broke European data law when they targeted voters on Facebook's adtech platform. The group is claiming the allegedly GDPR-busting activity took place during the country's 2021 federal elections, and filed six complaints yesterday with the Berlin and Bavarian data protection watchdogs against parties spanning the entire German political spectrum.

SYS01 stealer targets Facebook business accounts and browser credentials
2023-03-13 19:11

Morphisec, a security solution provider based in Israel, has reported that an advanced information stealer malware dubbed SYS01 is aimed at stealing access to Facebook business accounts and Chromium-based browsers' credentials. Morphisec's researcher has also seen the SYS01 malware attack critical government infrastructure employees, manufacturing companies and other industries.

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising
2023-03-13 12:24

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.