02/18/2021 05:25:31 PM
Known ad fraudsters SilentFade are spreading like wildfire again, and one of their recent targets is the Southeast Asia region.
The finding was made after Kaspersky researchers noticed a significant growth of the malware used by the same gang responsible for the $4 million fraud on Facebook in 2019. Specifically, in the past month experts from the cybersecurity company recorded the Frank rootkit and found similarities to the campaign.
Two years after carrying out the biggest fraud on social networking, the gang has recently widened its presence around the world, with the highest number of incidents detected in India, Brazil, Indonesia, Italy, Germany, Algeria, Malaysia, Russia, France, and Egypt.
Last year’s Kaspersky telemetry did not detect SilentFade’s presence in Southeast Asia. The picture changed in January, when the region witnessed a rapid spread of this malware with a total of 576 incidents. Aside from 221 and 137 detections in Indonesia and Malaysia, respectively, the Philippines logged 96 cases, Vietnam 71, Thailand 27, and Singapore 24.
“Our monitoring showed the SilentFade campaign never stopped. They are just doing what they did and now we are facing the growth of their activity. Their ideas and methods remain the same with some changes. Now they also spread downloader, which can spread and download other, more dangerous, malware. Detected files are similar to older versions detected which our industry peers have found links with an alleged Chinese company. In terms of distribution, there is a possibility that someone has sold the malware source codes, the gang itself are selling the rootkits, or the codes may have been leaked,” said Anton Kuzmenko, Security Expert at Kaspersky.
Since its inception in 2016, the SilentFade (short for “Silently running Facebook Ads with Exploits”) gang has been infecting users with the Trojan, hijacking their browsers, and stealing passwords and browser cookies so they could access Facebook accounts. To do this, its members use a combination of a Windows Trojan, browser injections, clever scripting, and a bug in the Facebook platform, showing a sophisticated modus operandi rarely seen with malware gangs targeting the social media company.
Once they had access, the group searched for accounts that had any type of payment method attached to their profile. For these accounts, SilentFade bought Facebook ads with the victim's funds. The malware collects information about the user's account, such as the balance of the advertising wallet, how much the user previously spent on advertising, all sorts of tokens, and cookies. The cybercriminals then start promoting their ads through the social network’s advertising platform.
Their biggest case happened a few months after the group started operations. Facebook said the group managed to defraud infected users of more than $4 million, which they used to post malicious Facebook ads across the social network.
“Threats on these platforms should be taken seriously in Southeast Asia given the region’s high internet and social media adoption. Five out of the six countries here spent more than seven hours online in 2020, and 69% of the region’s total population are active social media users, the highest percentage among all subregions in the Asia Pacific. The rise of ads across social media platforms resulted in a treasure trove of financial credentials, a lucrative target for cybercriminals like SilentFade. We urge all users from the region to boost their account’s security through multi-factor authentication, strong passwords, robust solutions, and a lot of vigilance,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
All that said, Kaspersky experts also share the following steps to keep your accounts safe from SilentFade malware:
- Secure your computer, your mobile devices, and your data. Install a rigorous anti-malware solution on your computer, smartphone, and tablet – to protect your devices against the latest computer viruses, worms, Trojan viruses, and other threats.
- Get a temporary credit card. Some credit card companies will issue a temporary credit card number for their customers. These temporary numbers can be useful for one-time purchases. However, you should avoid using them for any purchases that require auto-renewal or regular payments.
- Dedicate a “clean” computer. For added security, you could use a dedicated machine for all your online financial transactions. This should be a ‘clean’ computer that is totally free of computer viruses and any other infections. In order to help keep it clean, the machine should not be used for any casual web browsing, social networking, or email.
- Manage and protect your online passwords. Using a password manager can help you to deal with multiple accounts and passwords — and to encrypt passwords that would otherwise be in plain text. Some antivirus and Internet security software products include password management and password security features.
Author: slickmaster | © 2021 The SlickMaster's Files