24 matches found
Google AppSheet Exploited in 30,000-User Facebook Phishing Operation
Scammers are abusing Google AppSheet and Google Drive to bypass security filters and steal thousands of Facebook Business accounts globally...
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle AitM phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actor...
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that...
New Phishing Scam Uses Fake Instagram Chatbot to Hijack Accounts
New phishing scam targets Instagram business accounts using fake chatbots and support emails, tricking users into handing over login credentials...
Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden
A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing…...
Hackers Employ Updated Ducktail to Target Indian Marketers
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The threat actors linked to the Ducktail stealer malware have been implicated in a new campaign that focused on marketing professionals in India. The primary goal of this campaign was to compromise and...
Ducktail fashion week
Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. WithSecure and GridinSoft have covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies and brands projects and...
NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads
Compromised Facebook business accounts are being used to run bogus ads that employ "revealing photos of young women" as lures to trick victims into downloading an updated version of a malware called NodeStealer. "Clicking on ads immediately downloads an archive containing a malicious .exe 'Photo...
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers
An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. "The attacks are reaching victims mainly in Southern Europe...
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts. "Originating yet again from a Vietnamese-based group, this campaign...
Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising
Malicious actors associated with the Vietnamese cybercrime ecosystem are leveraging advertising-as-a-vector on social media platforms such as Meta-owned Facebook to distribute malware. "Threat actors have long used fraudulent ads as a vector to target victims with scams, malvertising, and more,"...
New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets
Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that...
Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts
Like all social media platforms, Facebook constantly has to deal with fake accounts, scams and malware. We have written about scams targeting consumers that redirect to fake Microsoft alert pages, but there are also threats targeting businesses that use Facebook to promote their products and...
SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms
Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors since November 2022. "The threat actors behind the campaign are targeting Facebook business accounts by using...
A New Malware Called Album Stealer is Targeting Facebook Users
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Album Stealer is a malware that disguises itself as a photo album and drops decoy adult images while performing malicious activity in the background. It uses a side-loading technique to execute malicious...
Ducktail Malware Operation Evolves with New Malicious Capabilities
The operators of the Ducktail information stealer have demonstrated a "relentless willingness to persist" and continued to update their malware as part of an ongoing financially driven campaign. "The malware is designed to steal browser cookies and take advantage of authenticated Facebook session...
New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions .NetCore, the latest version PHP also aims to...
Hackers Breach LastPass Developer System to Steal Source Code
Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed,...
Ducktail Malware Exploits LinkedIn to Hack Facebook Business Accounts
By Waqas Ducktail malware targets users and organizations on Facebook Business and Ads platform in this financially motivated malicious new… This is a post from HackRead.com Read the original post: Ducktail Malware Exploits LinkedIn to Hack Facebook Business Accounts...
IcedID Trojan Rebooted with New Evasive Tactics
Threat actors have enhanced a banking trojan that has been widely used during the COVID-19 pandemic with new functionality to help it avoid detection by potential victims and standard security protections. Attackers have implemented several new features — including a password-protected attachment...