Facebook finally removed some pages that had been spreading malware since at least 2014
If it can’t detect this, what hope do we have of Facebook policing hate speech?
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
An investigation by cybersecurity vendor Check Point Research uncovered a network of Facebook pages that had been spreading malware at least since 2014. The pages were infecting users with Remote Access Trojans (RATs), through malicious links shared by the pages. All of the discovered pages have been terminated by Facebook at this time.
Check Point Research called it “Operation Tripoli,” as the large-scale campaign was focused solely on Libya and the ongoing political crisis in the country. Social engineering like this is getting ever more sophisticated, with attackers using URL shorteners to hide their malware-laced sites from casual inspection.
At least 30 accounts have been found spreading malware and have been terminated
To give you an idea of the scale of the campaign, some of the accounts had 100,000+ followers. As the attackers used URL shorteners, it made the researchers able to track how many clicks on each link, and from which countries. One link was clicked over 6,500 times, with 5,120 of those coming from users in Libya.
- The links were disguised as leaks from Libya’s intelligence units
- Once clicked, they tried to download remote-administration tools to the users’ devices, which were hosted in cloud storage services such as Dropbox
- The researchers followed a trail of misspelled words and typos through multiple Facebook pages
- Be careful what you click on when browsing social media
It’s worth noting that even if the users clicked on the links and had RATs downloaded to their device, it doesn’t mean that all of those resulted in a successful infection. Most devices will have some kind of malware protection. Keep your antivirus updated and try not to click on sketchy links in the first place.
What do you think? Glad to see Facebook dealing with these accounts or should more be done? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- Facebook is going to start downranking pages that spread sensational health claims
- It is now illegal to distribute deepfake revenge porn in Virginia
- Amazon’s latest PR stunt involved fake packages and a failed sting operation
- Dick Pic Attack is another “prank” app that is just as awful as it sounds