Malwarebytes has identified a new cybercrime group that is targeting business owners who use Facebook's advertising tools.
In a report from the company, Senior Threat Researcher Jérôme Segura noted, “there's been a resurgence in sponsored posts and accounts that impersonate Meta/Facebook's own Ads Manager” promising better ad performance.
The attack, which leads victims to install a malicious Chrome browser extension, looks to have generated more than $180,000 in compromised ad budget to date.
Fake Facebook ad generator
Malicious accounts redirect unsuspecting victims to external phishing domains, which use legitimate branding and favicons to trick users into thinking they are still on the Facebook platform.
Among the malicious downloads is a Chrome extension, which uses a Google Translate icon despite its promise to generate better Facebook ad returns. Segura says:
“A quick look at its source code reveals immediate hex obfuscation in an attempt to hide what it is actually doing.”
Reverse engineering found that the extension indeed has nothing to do with Google Translate, and instead focuses on grabbing Facebook login information.
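As an added illustration (not code from the Malwarebytes report or from the extension itself), this is one way a reviewer could surface strings hidden behind hex escapes when triaging an unpacked extension script. It assumes "hex obfuscation" means `\xNN` escapes inside JavaScript string literals; the function names, the watch list and the sample source are constructed for the example.

```javascript
// Added triage example: decode string literals that are mostly \xNN escapes
// so the hidden text can be read and compared against a watch list.

// Decode \xNN and \uNNNN escapes inside the body of one string literal.
function decodeEscapes(body) {
  return body
    .replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/\\u([0-9a-fA-F]{4})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Return decoded text for every quoted literal dominated by hex escapes.
// minEscapes and watchTerms are hypothetical tuning knobs, not a standard.
function findHexObfuscatedStrings(source, watchTerms = ["facebook.com"], minEscapes = 4) {
  const literal = /(["'])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  const findings = [];
  for (const m of source.matchAll(literal)) {
    const body = m[2];
    const escapes = (body.match(/\\x[0-9a-fA-F]{2}/g) || []).length;
    // Skip ordinary strings: too few escapes, or escapes are under half the text.
    if (escapes < minEscapes || (escapes * 4) / body.length < 0.5) continue;
    const decoded = decodeEscapes(body);
    const matched = watchTerms.filter((t) => decoded.toLowerCase().includes(t));
    findings.push({ offset: m.index, decoded, matched });
  }
  return findings;
}

// Constructed sample, not taken from any real extension.
const SAMPLE = String.raw`
var _a = "\x66\x61\x63\x65\x62\x6f\x6f\x6b\x2e\x63\x6f\x6d";
var _b = '\x63\x6f\x6f\x6b\x69\x65\x73';
var label = "Translate this page";
var nl = "a\x0ab";
`;

for (const f of findHexObfuscatedStrings(SAMPLE)) {
  const flag = f.matched.length ? "  <-- watch list: " + f.matched.join(", ") : "";
  console.log("offset " + f.offset + ": " + JSON.stringify(f.decoded) + flag);
}
```

An extension that presents itself as a translation tool but decodes to Facebook host names or cookie-related strings is worth a closer manual review of its manifest permissions.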
Malwarebytes has discovered more than 20 similar campaigns, one of which accidentally leaked its own stolen data and, subsequently, Google account information; the researchers have since passed this on to Meta.
All in, it looks like more than 800 victims have been taken advantage of worldwide, with around two in five coming from the US. The information, which has been shared with Meta, indicates that the threat actors are from Vietnam and are largely targeting Facebook business accounts.
Malwarebytes suggests that Business Manager accounts should regularly be checked for unknown users. Periodically running malware scans also serves as a valuable exercise that could prevent data and money theft.
In response, a Meta spokesperson told TechRadar Pro in an email that the company "welcome[s] external security research into malware targeting advertising platforms like [Meta's]" and that it has worked with Malwarebytes to take action against this malware.
A recent Meta post highlights some of the work it has done to protect businesses that may be targeted by malware. Meta encourages users to exercise caution when installing third-party extensions and apps, to turn on log-in alerts, and to enable Business notifications. Of course, there is also more generic Internet hygiene that all users should follow, including using unique and strong passwords, and enabling two-factor authentication (2FA).
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!