Researchers found Facebook Pages spreading malware, existing for years

Facebook is a platform for all sorts of people and there exists a huge amount of accounts and pages we don’t know about. We can randomly like any page without knowing about them in detail. The thing is, Facebook is a platform for entertainment but along with that now it is also a platform for various malicious attacks and security risks.

Facebook always tries to keep its users safe from all sorts of bad actors. Recently, the researchers from CheckPoint Firm found a malicious campaign hiding in plain sight under shady accounts. Researchers exposed a huge network of Facebook accounts that used Libya-themed news and topics to push different sorts of malware to tens of thousands of people over the past five years.

The researchers found this malware when they found someone impersonating Field Marshal Khalida Haftar, commander of Libya’s National Army. That fake account was created in early April and had more than 11,000 followers and this fake account only posted documents showing conspiracies of different companies against Libya and Photos of the Captured pilot that tried to Bomb the Capital of Tripoli.

How these fake accounts spam people

These fake accounts offer some mobile applications that Libyan citizens can use. According to Digital Security Firm CheckPoint, most of the links went to VBScripts, Windows Script Files and android apps are known to be malicious.

They found the fake Haftar by his typos, misspellings, and grammatical errors.

Detailed research on malicious content on Facebook

With the tip of typo mistake, the researchers searched for similar mistakes and found more than 30 Facebook pages some of them active since early 2014, and had been used to spread some malicious links.


The top five pages were collectively followed by more than 422,000 Facebook accounts.

How the attacker operates

The attacker uses URL-shortening services to generate most of the links. This helped Facebook researchers to determine the number of time given link had been clicked and from different geographic regions. The data shows that Facebook pages were the most common source of these links. Most of the clicks came from Libya and some affected machines were also located in Europe, the US, and Canada as well.

Facebook removes all Fake pages and accounts

The pages and accounts violated the policies of Facebook and they took them down after the Researchers reported them.

Facebook continuously harvests a lot of amount in technology to keep malicious activity off Facebook.

How to be safe from such malicious attacks

Although Facebook tries to bring updates every once in a while to keep its users saved from all sorts of cyber crooks but still it depends highly on users to not click on any suspicious links or to not download any untrusted third-party software.


Photo: D-Keine via Getty Images

Read next: Apple’s new privacy login feature puts security at risk

No comments:

Post a Comment