Meta cracks down on mysterious companies spying on Facebook users

Social app icons on a phone screen
(Image credit: dole777 / Unsplash)

Meta has taken action against seven companies that it claims were using Facebook to distribute malware and spy on activists, journalists, and minorities.

In an extensive report, written by members of the Facebook security and espionage investigation teams, the company says the move came as a result of multiple “months-long” investigations. 

"We took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet," the report explains.

"These surveillance providers are based in China, Israel, India, and North Macedonia. They targeted people in over 100 countries around the world on behalf of their clients."

Cobwebs Technologies, Cognyte, Black Cube, Bluehawk CI, BellTroX and Cytrox were named in the report, along with an “unknown entity” in China. 

According to Bleeping Computer, the companies banned from Facebook have defended their actions, saying their tools were only used to help catch “criminals and terrorists”.

Spyware victims

Besides cutting off the surveillance firms from its network, Meta has also warned their victims (allegedly around 50,000 users) that they have been targeted by “sophisticated attackers”.

A separate Citizen Labs report also said that some of the people targeted have had their endpoints infected by multiple spyware strains, probably distributed by different malicious actors. 

Usually, spying and reconnaissance operations have three stages: reconnaissance, engagement, exploitation. Two companies were only engaged in the first two stages, one in the third stage, one in the first and third stages, and three in all stages. 

"Although public debate has mainly focused on the exploitation phase, it’s critical to disrupt the entire lifecycle of the attack because the earlier stages enable the later ones," Meta added.

"If we can collectively tackle this threat earlier in the surveillance chain, it would help stop the harm before it gets to its final, most serious stage of compromising people’s devices and accounts."

There are countless ways in which malicious actors can take advantage of spyware, from obtaining payment data, to identity theft, to communications tracking.

Via Bleeping Computer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.