What is the method by which a Chinese hacker purchases an ad space of over 400 million yen and displays fraudulent advertisements?
On October 1, 2020, Facebook security researchers reported on the 'method of displaying fraudulent advertisements on Facebook' used by Chinese cyber criminals. Instead of buying inventory and displaying fraudulent ads on their own, cybercriminals purchase inventory using a payment method linked to the Facebook account of another person infected with malware, with a total damage of 4 million. It is said to be over dollars (about 400 million yen).
SilentFade: unveiling Chinese malware abusing Facebook ad platform --VB2020 --Join us for the best kept secret of the infosec industry!
How hackers took over Facebook accounts to steal millions, promote scams
How a Chinese malware gang defrauded Facebook users of $ 4 million | ZDNet
Fraudulent advertising that promotes suspicious diet pills and counterfeit products is a major challenge for platforms such as Facebook, which are based on advertising revenue. A new cybercriminal trick reported by Facebook researchers was to put the cost of displaying fraudulent ads on the victims infected with malware.
Chinese cybercriminals used a malware called ' SilentFade '. The malware was not spread via Facebook, but was embedded in software that can be downloaded from a web browser, so it was difficult for Facebook to detect and eradicate it.
SilentFade, which infects the device, rewrites a legitimate DLL file in a web browser into a malicious DLL file that cybercriminals can control. Targeted web browsers range from Chrome, Firefox, Internet Explorer, Opera, Edge, etc., and malicious DLL files are designed to steal credentials and browser session cookies stored in the browser.
SilentFade then uses the Facebook session cookie to log in to the victim's Facebook account without using credentials or a two-step verification token. And SilentFade uses clever scripts to disable many of Facebook's notifications and security features, as well as 'Facebook for Business' and 'Facebook Login Alerts' to alert you with a message when suspicious Facebook activity is detected. Block your account. SilentFade also used a bug that existed on Facebook to prevent users from unblocking their accounts.
The purpose of cybercriminals with SilentFade was to purchase fraudulent ad placements using payment methods such as the PayPal account associated with the infringing Facebook account. SilentFade was active in the months from late 2018 to February 2019, during which hackers used payment methods stolen from users to advertise over $ 4 million in total. It is believed that he purchased the frame.
Facebook started the investigation in December 2018 after receiving a report from the user, and in February 2019, it was found out the activity of Silent Fade. Facebook has already stated that it has fixed bugs and notification issues related to unblocking accounts and refunded all users whose accounts were abused to purchase malicious Facebook ads.
Facebook continued to investigate, and in December 2019, it filed a lawsuit against two Chinese and a Hong Kong company for being involved in a series of crimes, as well as defendants using Facebook. I am requesting a federal court to suspend it. In addition, security measures for accounts have been tightened, and preparations for attacks targeting the Facebook platform have been strengthened.
Nathaniel Gleicher, Facebook's head of security policy, said malware targeting certain platforms, such as Facebook, can affect all platforms. 'If people's devices and browsers are compromised by downloading malicious software from the Internet, the mitigation and detection options provided by the technology platform can be severely limited,' he said.
Facebook security researchers Sanchit Karve and Jennifer Urgilez, who reported on the attack, said, 'As the evolving ecosystem targeting Facebook shows, the number of users serving the service continues to grow. We anticipate more platform-specific malware on the platform. '