Multiple Verified Facebook Pages Taken Over by Hackers to Push Malware

Hackers took over several verified Facebook pages, changed their names to reflect various other companies, including Meta, and used them to push malicious links onto unsuspecting users.

Hackers often target companies, organizations and influencers because of their potential. Taking over popular channels to promote a crypto scam or to send followers messages containing malicious links is a much bigger problem than it might appear. Companies like YouTube and Meta are constantly engaged in a game of whack-a-mole with these attackers.

According to a TechCrunch report, social media consultant Matt Navarra spotted several pages with very official-sounding names such as Meta Ads, Meta Ads Manager or Google AI. Their purpose is to persuade people to click on the ads. In the case of those pretending to be from Meta, the attackers promoted a new advertising tool, inviting users to “download and use now.”

“Because of security issues for upcoming users, you can no longer manage ad accounts in the browser, but switch to using a more professional and secure tool,” states one of the ads.

“In order for your work to be uninterrupted, please download and use it nowThe new Manager is packed with new features that are able to reach your target audience better, and automatically optimize ads better...,” the ad continues.

Bitdefender Labs also identified this particular campaign a couple of days ago and found that the attackers actually pushed an infostealer malware detected as Gen:Variant.Marte.BrowserThief.1. This type of malware is designed to collect usernames and passwords stored in browsers, as well as session cookies – small text files that tell the web server that you have already logged in to your account and you don’t need to go through the login process anytime soon.

While the text posted on Facebook is rather well-written, it still has a few grammatical problems and lacks proper punctuation. Nevertheless, since it comes from a verified account, people might be more trusting.

Another page claimed to come from the Google AI team, but this one was all about making a lot of money with a marketing tool.

This was only possible because already verified Facebook pages were compromised by criminals who simply changed the pages’ names. While the tactic is not uncommon, it should not be this easy to take established names with no vetting.

Shortly after this report surfaced, Meta took down the Facebook pages. This goes to show that it’s always a good idea to be suspicious of any message promoting gains or pushing people to download software, even if it seems to come from an official source.