A band of Chinese digital wrongdoers has apparently ripped off Facebook users to the tune of $4 million. At Virus Bulletin’s virtual VB2020 conference, Facebook’s malware researchers and security analysts revealed that malware was found abusing Facebook’s ad platform to run malicious ad campaigns that spammed users with phony celebrity endorsements and enticed them to make fraudulent purchases.
Facebook’s security team named the malware ‘SilentFade’, short for ‘Silently running Facebook ADs with Exploits’, based on how the attacks were carried out. Its M.O. was to infect users, then commandeer their browsers and make off with browser cookies and passwords.
Once they had those, the bandits searched for user accounts that had payment methods associated with their profile. At that point, SilentFade was off to the races, buying Facebook ads for things like keto pills and weight loss products with the victim’s funds.
All told, Facebook said the group was able to fleece more than $4 million from infected users. To make things whole, Facebook reimbursed victims the $4 million for unauthorized ads purchased using their ads accounts.
Not exclusive to Facebook
Satnam Narang -- a staff research engineer at Tenable who has uncovered similar scams on other social media platforms like TikTok, Instagram, and Twitter -- noted that it’s a well-conceived, “cunning” scam designed to take advantage of Facebook’s billions of users while also providing the bad actors with a layer of protection against getting caught.
"Facebook’s research into SilentFade highlights how users seeking out pirated software are further exposed to additional risk in the form of malicious software that can silently take control of their Facebook accounts,” Narang told ConsumerAffairs.
“Even if users aren’t directly affected by the SilentFade malware, its effect extends to Facebook users that encounter dubious advertisements for products that are counterfeit or misleading, such as phony diet pills. Users should not download pirated software and should be extremely skeptical of advertisements for discounted products at or phony diet pills.”
What took so long?
The interesting twist is that it’s taken two years for Facebook to tell the world about this issue. The SilentFade mob was active between late 2018 and February 2019, when Facebook’s security team first caught wind of their presence. Luckily, they were able to stop the gang’s attacks.
It’s possible that Facebook was embarrassed by the attack’s stealth-like precision.
“This was the first time we observed malware actively changing notification settings, blocking pages, and exploiting a bug in the blocking subsystem to maintain persistence in a compromised account,” the company’s researchers said, claiming that the scam actually became a “silver lining” that helped it detect compromised accounts going forward.