The SilentFade bunch utilized malware to purchase advertisements for the hacked users.
At the Virus Bulletin 2020 security meeting, Facebook security group members revealed details. Of one of the most modern malware crusades actually to target Facebook clients. The cybercriminal gathering, named SilentFade. Utilized malware to purchase promotions for the benefit of hacked clients from late 2018 to February 2019.
SilentFade used a combination of Windows Trojan, browser injections, scripts and vulnerabilities in the Facebook platform. Demonstrating a sophisticated method of operation rarely seen by criminals. The goal of SilentFade was to infect users with a Trojan. Take over control of the browser, and steal passwords. And browser cookies of users in order to gain access to Facebook accounts. After gaining access, the criminals began looking for accounts with. A payment method linked to their profile and used the victim’s funds to post malicious ads. On the social network on their behalf.
Despite the fact that the campaign lasted only a few months. The criminals managed to steal more than $ 4 million from users.
According to experts, the criminals were distributing a modern version of the SilentFade malware. Bundled with legitimate software that they offered to download on the Internet. As soon as the SilentFade Trojan entered a user’s Windows device, the hackers gained control over the victim’s computer. However, instead of abusing the system for more intrusive operations. The malware only replaced legitimate DLL files in browser installations with malicious copies, allowing SilentFade to control the browser.
As noted on Facebook, the malware used scripts to disable many of the social network’s security features and even discovered. And then exploited a vulnerability in the platform to prevent users from re-enabling disabled features. (site notifications, chat notification sounds, SMS notifications, email notifications). mail, notifications from the page).
Knowing that Facebook’s security systems can detect suspicious activity and logins and notify the user through a private message. The SilentFade gang also blocked Facebook for business and Facebook Login Alerts. Which sent alerts in private messages in the first place.
They investigated and found a GitHub account that allegedly hosted many of the libraries used to create the SilentFade malware. Facebook traced this account and the SilentFade malware. Back to ILikeAd Media International Company, a Hong Kong-based software company founded in 2016. And two of its employees, Chen Xiao Kong and Huang Tao. Facebook sued the company and two developers in December 2019, and the lawsuit is still ongoing.