Social network pages have become a true commodity in recent years for cyber-criminals, who use hijacked accounts as digital billboards to promote crypto and investment scams.
A number of verified and well-established Facebook pages were hacked over the weekend and have started leading followers to malware. Of particular interest is a page that was renamed “Meta Ads Manager” and has been running ads on the platform directing users to a new “tool” to manage future ad campaigns.
The verified page has a follower base of 30,000 users and was created in 2013. Last Thursday, it was hijacked and its name was changed to Meta Ads Manager. Since then, it has led visitors to an external site that spreads an infostealer, detected by Bitdefender as Gen:Variant.Marte.BrowserThief.1.
What are infostealers and why should you worry about them?
Infostealers have been around for a while, and we have extensively covered the topic in past research on Bitdefender Labs. These specially designed malicious applications collect usernames and passwords stored in browsers, as well as session cookies – small text files that tell the web server that you have already logged in to your account and don’t need to go through the login process anytime soon.
With that session cookie alone, an attacker could avoid the login process and instantly access a victim’s account. A criminal could then use the compromised business or verified pages to distribute malware, run scam campaigns, and disseminate fake news or other fraudulent content.
How to stay safe
The use of a verified page with a blue checkmark and a compelling name makes this scam more difficult to spot for the untrained eye. A tell-tale sign that something is not right is that the malware itself is distributed in a password-protected archive – a common tactic to prevent antimalware solutions from scanning the contents of the zipped file.
Such attacks are difficult to spot, though, and even the most tech-savvy user can fall victim without proper protection. Always use a cybersecurity solution such as Bitdefender Total Security to block malicious links in scammy posts and malware downloaded from random locations on the Internet.
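The password-protected archive mentioned above can be caught before anyone opens it, because a ZIP marks each encrypted entry in its header flags. The following is an added example, not code from Bitdefender or from the campaign: a download or mail gateway check that flags ZIP files whose contents cannot be scanned. The file name, the sample bytes and the "quarantine" policy label are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED_BIT = 0x1  # ZIP general-purpose flag, bit 0: entry is encrypted


def encrypted_entries(data: bytes) -> list[str]:
    """Names of entries a scanner cannot read without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_BIT]


def triage(data: bytes) -> str:
    """Classify a download as 'not-zip', 'scannable' or 'quarantine'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    # Assumed policy: any unscannable entry sends the whole archive to review.
    return "quarantine" if encrypted_entries(data) else "scannable"


def constructed_sample(encrypted: bool) -> bytes:
    """Build a tiny ZIP in memory (constructed test data, harmless bytes).

    zipfile cannot write encrypted archives, so the encryption flag is set by
    hand in the local header (offset 6) and central directory header (offset 8).
    Only the flag is set; that is all the check above inspects.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("constructed-tool.exe", b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(signature)
            raw[pos + flag_offset] |= ENCRYPTED_BIT
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (
        ("encrypted zip", constructed_sample(True)),
        ("plain zip", constructed_sample(False)),
        ("not an archive", b"MZ constructed bytes"),
    ):
        print(f"{label}: {triage(blob)}")
```

The check reads only the archive's directory, so it needs no password and never extracts or runs the contents.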