Security researchers at Group-IB have discovered a large-scale fraudulent campaign targeting Facebook Messenger users worldwide. The company's Digital Risk Protection (DRP) analysts have found evidence that users in more than 80 countries in Europe, Asia, the MEA region (Middle East and Africa), and North and South America may have been affected.
By distributing ads promoting an alleged Facebook Messenger update, cybercriminals are harvesting users' login credentials. Researchers have discovered almost 1,000 fake Facebook profiles used in this malicious activity. Upon discovering this type of fraud, Group-IB informed the social media giant, which has nothing to do with the fake posts, about the ongoing campaign.
It is worth noting that the fraud was first detected by Group-IB DRP in the summer of 2020, with DRP analysts from different regions, in Asia and Europe, finding traces of the same malicious campaign. Since then, the campaign has been constantly evolving. In April, the number of posts on Facebook calling on users to install the "latest Messenger update" reached 5,700. To catch users' attention, fraudsters use accounts with names that imitate the real application (Messanger, Meseenger, Masssengar and others) and use the official Facebook Messenger logo as their profile picture.
To circumvent fraud filters, fraudsters use shortened links created with services such as linktr.ee, bit.ly, cutt.us, cutt.ly and rb.gy. After clicking on the link that supposedly leads to the download of the application update, the user is taken to a fake Facebook Messenger website with a login form and asked to enter their credentials. Scammers use platforms like blogspot.com, sites.google.com, github.io and godaddysites.com to host the fake Facebook Messenger login pages.
To entice users to click on the link, the scammers advertise non-existent functions of the application, such as the ability to find out who visited their profile, to view deleted messages, or even to switch to Gold Messenger. Scammers even resort to blackmail to force users to download the application, threatening that if they do not register on the fake page, their account will be deleted forever.
Group-IB analysts found fraudulent ads targeting users in at least 84 countries worldwide, including Canada, the USA, France, Germany, Italy, Singapore, Malaysia and South Africa. Users who fall victim to this scam run the risk of seeing their personal data leaked and their accounts breached. Scammers, in turn, are likely to use the breached accounts either to blackmail victims, forcing them to pay a ransom to regain access to their accounts, or to scale the scheme further by using the Facebook profiles to distribute fraudulent ads.
Group-IB urges users to stay alert and follow some basic rules of "hygiene" in cyberspace that will help them avoid falling victim to cybercriminals. Users must be especially careful when opening links. Furthermore, they should never enter personal data on sites accessed from third-party resources, even if those sites carry the logos of well-known brands. They should enter their login credentials only on the official website of the social network or service, or in the official application. It is also worth paying attention to the domain of the page they are visiting: scammers often use names with misspellings, as happened with Facebook Messenger.
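An added example (not from Group-IB or the original article) of how a defender could triage posts using the indicators the article names: the misspelled account names, the link shorteners and the free hosting platforms. The function names, the edit-distance threshold and the sample posts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains named in the article; a match is a triage signal, not a verdict.
SHORTENERS = {"linktr.ee", "bit.ly", "cutt.us", "cutt.ly", "rb.gy"}
FREE_HOSTS = {"blogspot.com", "sites.google.com", "github.io", "godaddysites.com"}
BRAND = "messenger"


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike_name(name, max_distance=3):
    """True for near-misses of the brand name; the exact name is not flagged.
    The threshold (an assumption) is the smallest that covers 'Masssengar'."""
    word = "".join(ch for ch in name.lower() if ch.isalpha())
    return word != BRAND and edit_distance(word, BRAND) <= max_distance


def host_matches(host, domains):
    """Match the domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(account_name, url):
    """Return the list of signals raised by a post's account name and link."""
    host = (urlsplit(url).hostname or "").lower()
    signals = []
    if is_lookalike_name(account_name):
        signals.append("lookalike-name")
    if host_matches(host, SHORTENERS):
        signals.append("shortened-link")
    if host_matches(host, FREE_HOSTS):
        signals.append("free-hosting-platform")
    return signals


if __name__ == "__main__":
    # Constructed sample posts (account name, link); not taken from the campaign.
    for name, url in [("Masssengar", "https://bit.ly/example"),
                      ("Messanger", "https://update-example.blogspot.com/login"),
                      ("Messenger", "https://www.facebook.com/")]:
        print(name, url, triage(name, url))
```

Legitimate pages also use shorteners and free hosting, so these signals are best combined and reviewed by an analyst rather than used to block automatically.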
Source of information: securityaffairs.co