pixel
Connect with us

Facebook

Facebook finally removed some pages that had been spreading malware since at least 2014

If it can’t detect this, what hope do we have of Facebook policing hate speech?

facebook user in libya
Image: Check Point Research

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

An investigation by cybersecurity vendor Check Point Research uncovered a network of Facebook pages that had been spreading malware at least since 2014. The pages were infecting users with Remote Access Trojans (RATs), through malicious links shared by the pages. All of the discovered pages have been terminated by Facebook at this time.

Check Point Research called it “Operation Tripoli,” as the large-scale campaign was focused solely on Libya and the ongoing political crisis in the country. Social engineering like this is getting ever more sophisticated, with attackers using URL shorteners to hide their malware-laced sites from casual inspection.

At least 30 accounts have been found spreading malware and have been terminated

operation tripoli malware campaign reach

Image: Check Point Research

To give you an idea of the scale of the campaign, some of the accounts had 100,000+ followers. As the attackers used URL shorteners, it made the researchers able to track how many clicks on each link, and from which countries. One link was clicked over 6,500 times, with 5,120 of those coming from users in Libya.

  • The links were disguised as leaks from Libya’s intelligence units
  • Once clicked, they tried to download remote-administration tools to the users’ devices, which were hosted in cloud storage services such as Dropbox
  • The researchers followed a trail of misspelled words and typos through multiple Facebook pages
  • Be careful what you click on when browsing social media

It’s worth noting that even if the users clicked on the links and had RATs downloaded to their device, it doesn’t mean that all of those resulted in a successful infection. Most devices will have some kind of malware protection. Keep your antivirus updated and try not to click on sketchy links in the first place.

What do you think? Glad to see Facebook dealing with these accounts or should more be done? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Facebook