
"The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads have been observed serving the extension in question. "The malicious ads are bundled with a video tutorial that guides viewers through the process of downloading and installing a so-called browser extension, which claims to unlock the blue verification tick on Facebook or other special features," the Romanian cybersecurity vendor said."
"But, in reality, the extension - which is hosted on a legitimate cloud service called Box - is capable of collecting session cookies from Facebook and sending them to a Telegram bot controlled by the attackers. It's also equipped to obtain the victim's IP address by sending a query to ipinfo[.]io/json."
"Select variants of the rogue browser add-on have been observed using the stolen cookies to interact with the Facebook Graph API to likely fetch additional information related to the accounts. The end goal of these efforts is to sell valuable Facebook Business and Ads accounts on underground forums for profit to other fraudsters, or repurpose them to fuel more malvertising campaigns, which, in turn, leads to more hijacked accounts - effectively creating a self-perpetuating cycle."
Malvertising pushes fake "Meta Verified" browser extensions called SocialMetrics Pro that promise blue verification ticks for Facebook and Instagram. At least 37 malicious ads served the extension alongside a video tutorial that guides users to download and install the add-on. The extension, hosted on Box, collects Facebook session cookies and exfiltrates them to a Telegram bot, and queries ipinfo[.]io/json to obtain victim IP addresses. Some variants use stolen cookies to call the Facebook Graph API to gather more account information. Operators sell Facebook Business and Ads accounts on underground forums or reuse hijacked accounts to run further malvertising. Vietnamese-language artifacts in narration and source comments indicate likely Vietnamese-speaking actors.
Read at The Hacker News
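A defender-side triage of the behaviour summarised above, as an added example that is not code from Bitdefender or The Hacker News: it flags unpacked extensions that combine the `cookies` permission and Facebook host access with references to ipinfo.io or the Telegram Bot API host. The finding labels, directory layout and both sample extensions are constructed, and treating `api.telegram.org` as the bot endpoint is an assumption the article does not state.

```python
import json
import re
import tempfile
from pathlib import Path

# Outbound hosts matching the reported behaviour. ipinfo.io is named in the
# article; api.telegram.org (Telegram Bot API) is an assumption, not from it.
NETWORK_IOCS = ("api.telegram.org", "ipinfo.io")
FB_HOST = re.compile(r"(^|[./*])facebook\.com", re.I)

def triage_extension(ext_dir):
    """Return sorted findings for one unpacked extension directory."""
    ext_dir = Path(ext_dir)
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    hosts = perms + list(manifest.get("host_permissions", []))
    findings = set()
    if "cookies" in perms:
        findings.add("perm:cookies")
    if any(h == "<all_urls>" or FB_HOST.search(h) for h in hosts):
        findings.add("host:facebook")
    for js in ext_dir.rglob("*.js"):
        text = js.read_text(encoding="utf-8", errors="replace")
        findings.update(f"net:{ioc}" for ioc in NETWORK_IOCS if ioc in text)
    return sorted(findings)

def is_suspicious(findings):
    """True when cookie access to Facebook coincides with an outbound IOC host."""
    core = {"perm:cookies", "host:facebook"} <= set(findings)
    return core and any(f.startswith("net:") for f in findings)

def build_sample(root, name, manifest, script):
    """Write a constructed (not real) extension to disk for the demo."""
    d = Path(root) / name
    d.mkdir(parents=True)
    (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (d / "background.js").write_text(script, encoding="utf-8")
    return d

def demo():
    """Triage one constructed suspicious sample and one constructed benign sample."""
    bad_manifest = {"manifest_version": 3, "name": "constructed-sample",
                    "permissions": ["cookies"], "host_permissions": ["*://*.facebook.com/*"]}
    bad_js = "fetch('https://ipinfo.io/json');\nconst api = 'https://api.telegram.org/';\n"
    with tempfile.TemporaryDirectory() as root:
        bad = build_sample(root, "bad", bad_manifest, bad_js)
        ok = build_sample(root, "ok", {"manifest_version": 3, "permissions": ["storage"]}, "")
        return triage_extension(bad), triage_extension(ok)
```

Run `triage_extension` over each subdirectory of a browser profile's extensions folder; a hit is a lead for manual review, since legitimate extensions can also request these permissions.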