Sunday, August 9, 23:47

Facebook has been used to spread Trojans since 2014

According to researchers, hackers have used Facebook as a platform for distributing Remote Access Trojans (RATs) since 2014.

Research from Check Point has shown that this "large-scale" hacking campaign is related to political issues in Libya.

The campaign's goal was to spread RATs, especially Houdini, Remcos and SpyNote. According to the researchers, the victims came mainly from Libya, Europe, the USA and China. It is estimated that tens of thousands of systems have been affected.

The hacker behind the campaign exploited the political upheaval in Libya. The hacker ran a Facebook page, supposedly belonging to the commander of the Libyan National Army, Khalifa Haftar, and used it to spread the malicious software.

The page, created in April 2019, was convincing enough to attract over 11,000 fans of Haftar. Its posts usually had political content and contained links to reports and material allegedly leaked and related to Libyan issues. In fact, anyone who opened the links was led to malicious content.

Opening the links delivered malicious VBE and WSF files for Windows computers and malicious APKs for the Android operating system. Executing the malicious files led, in turn, to the installation of the Trojan.

The malicious program was hosted on public services such as Google Drive, Box, and Dropbox.
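For defenders, the delivery chain described above (a social-media link leading to a VBE, WSF or APK file on a public file-sharing service) can be hunted for in web proxy logs. The following is an added example, not code from the article or from Check Point; the five-field log format, the hostnames chosen for the named services and the sample lines are all constructed assumptions.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumption: hostnames used for the file-sharing services the article names.
CLOUD_HOSTS = ("drive.google.com", "dropbox.com", "dropboxusercontent.com", "box.com")
SOCIAL_HOSTS = ("facebook.com",)
# File types the article says the links delivered.
RISKY_EXT = {".vbe": "windows-script", ".wsf": "windows-script", ".apk": "android-package"}

def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (no lookalike matches)."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify(line):
    """Return a finding for one log line (time client method url referrer), or None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # malformed line: skip rather than guess
    ts, client, method, url, referrer = parts
    target = urlsplit(url)
    if method != "GET" or not host_matches(target.hostname, CLOUD_HOSTS):
        return None
    # Check the decoded path only, so a query such as "?x=.apk" cannot match.
    name = posixpath.basename(unquote(target.path)).lower()
    ext = posixpath.splitext(name)[1]
    if ext not in RISKY_EXT:
        return None
    # A social-media referrer matches the reported lure and raises severity.
    from_social = host_matches(urlsplit(referrer).hostname, SOCIAL_HOSTS)
    return {"time": ts, "client": client, "host": target.hostname, "file": name,
            "kind": RISKY_EXT[ext], "severity": "high" if from_social else "medium"}

def scan(lines):
    return [finding for finding in map(classify, lines) if finding]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2019-06-01T10:02:11Z 10.0.0.12 GET https://www.dropbox.com/s/EXAMPLE1/leaked_report.pdf.vbe?dl=1 https://www.facebook.com/",
    "2019-06-01T10:05:40Z 10.0.0.31 GET https://drive.google.com/EXAMPLE2/news_app.apk -",
    "2019-06-01T10:07:02Z 10.0.0.12 GET https://app.box.com/EXAMPLE3/minutes.docx https://www.facebook.com/",
    "2019-06-01T10:09:15Z 10.0.0.44 GET https://dropbox.com.files.example/update.wsf https://m.facebook.com/",
    "2019-06-01T10:11:59Z 10.0.0.44 GET https://app.box.com/EXAMPLE4/statement%2Ewsf https://m.facebook.com/",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A browser often omits the referrer, so the "medium" findings still deserve review; the referrer only raises confidence.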

After discovering this page, the researchers found many other pages, groups and accounts, both inside and outside Facebook, which were also used to distribute malicious software.

On Facebook, there were over 30 pages, which have shared about 40 malicious links since 2014. Indeed, one of these has influenced over 100,000 users.

Researchers believe the attacker may have taken control of some popular, legitimate pages and used them for his benefit.

To avoid suspicion, the hacker may also publish legitimate content about news from Libya. Interspersed with the legitimate content are links that lead to fake applications and malicious services.

Researchers spotted the attacker through a command-and-control (C2) server, which hosted and shared malicious payloads. This led to "Dexter Ly", a Facebook account owned by the hacker.

Dexter Ly appears to have participated in other attacks aimed at stealing confidential information about Libya.

"Although the attacker does not support a political party or any of the opposing sides in Libya, his actions appear to be motivated by political events," the investigators said. "This may mean that the attacker is targeting specific individuals."

Researchers informed Facebook about their findings and the platform removed all relevant pages and accounts.

A Facebook spokesman said:

“These pages and accounts violated our policies, so we removed them after the Check Point researchers reported them. We try to keep malicious activity away from Facebook and encourage people to stay alert and not click suspicious links.”

