Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data.
The malvertising campaign, per Bitdefender, is designed to push fake “Meta Verified” browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads have been observed serving the extension in question.
“The malicious ads are bundled with a video tutorial that guides viewers through the process of downloading and installing a so-called browser extension, which claims to unlock the blue verification tick on Facebook or other special features,” the Romanian cybersecurity vendor said.
But, in reality, the extension – which is hosted on a legitimate cloud service called Box — is capable of collecting session cookies from Facebook and sending them to a Telegram bot controlled by the attackers. It’s also equipped to obtain the victim’s IP address by sending a query to ipinfo[.]io/json.
Select variants of the rogue browser add-on have been observed using the stolen cookies to interact with the Facebook Graph API to likely fetch additional information related to the accounts. In the past, malware like NodeStealer has leveraged the Facebook Graph API to collect budget details of the account.
The end goal of these efforts is to sell valuable Facebook Business and Ads accounts on underground forums for profit to other fraudsters, or repurpose them to fuel more malvertising campaigns, which, in turn, leads to more hijacked accounts – effectively creating a self-perpetuating cycle.
The campaign exhibits all the “fingerprints” typically associated with Vietnamese-speaking threat actors, who are known to adopt various stealer families to target and gain unauthorized access to Facebook accounts. This hypothesis is also bolstered by the use of Vietnamese to narrate the tutorial and add source code comments.
“By using a trusted platform, attackers can mass-generate links, automatically embed them into tutorials, and continuously refresh their campaigns,” Bitdefender said. “This fits a larger pattern of attackers industrializing malvertising, where everything from ad images to tutorials is created en masse.”
The disclosure coincides with another campaign that’s targeting Meta advertisers with rogue Chrome extensions distributed via counterfeit websites posing as artificial intelligence (AI)-powered ad optimization tools for Facebook and Instagram. At the heart of the operation is a fake platform named Madgicx Plus.
“Promoted as a tool to streamline campaign management and boost ROI using artificial intelligence, the extension instead delivers potentially malicious functionalities capable of hijacking business sessions, stealing credentials, and compromising Meta Business accounts,” Cybereason said.
“The extensions are promoted as productivity…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
