What's Happening?
A new malvertising campaign on Facebook has been identified by Bitdefender, targeting users with a fake 'Meta Verified' browser extension. This campaign includes video tutorials that trick users into installing the extension, which harvests sensitive data such as session cookies, access tokens, and IP addresses. The attackers, believed to be from Vietnam, use trusted platforms like Box.com to host the campaign, evading security measures like URL blocking. Once access tokens are obtained, the attackers use Facebook's Graph API to query business account information, distinguishing high-value corporate profiles from personal accounts. The streamlined approach bypasses many endpoint-based detections, and the use of legitimate domains for hosting reduces the likelihood of rapid takedown.
Why It's Important?
This development highlights the growing sophistication of cyber threats targeting social media platforms. The ability of attackers to evade security measures and leverage legitimate platforms for hosting malicious campaigns poses significant risks to user privacy and corporate security. Businesses and individuals using Facebook are at risk of having their sensitive data compromised, which could lead to financial losses and reputational damage. The campaign underscores the need for enhanced security protocols and user awareness to protect against such threats. Security teams are advised to monitor abnormal cookie export activity and enforce rigorous extension vetting to defend against these industrialized malvertising threats.
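One way to start the extension vetting recommended above, as an added example that is not from Bitdefender's report: a Python check that flags any extension manifest combining the `cookies` permission with host access to facebook.com. The watched-domain list and the sample manifests are constructed for illustration.

```python
import json

# Assumption: the domains whose session cookies this check protects.
WATCHED_DOMAINS = ("facebook.com",)
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def pattern_covers(pattern, domain):
    """True if a Chrome match pattern reaches `domain` or one of its subdomains."""
    if pattern in BROAD_PATTERNS:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "cookies", not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host == "*":
        return True
    host = host[2:] if host.startswith("*.") else host
    return host == domain or host.endswith("." + domain)

def vet_manifest(manifest_text):
    """Return findings for one manifest.json (Manifest V2 or V3)."""
    manifest = json.loads(manifest_text)
    declared = []
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    hosts = sorted({p for p in declared for d in WATCHED_DOMAINS
                    if pattern_covers(p, d)})
    findings = []
    if hosts and "cookies" in declared:
        findings.append("cookies API usable on watched domain via " + ", ".join(hosts))
    return findings

# Constructed sample manifests, not taken from the campaign.
SUSPICIOUS_MV3 = json.dumps({
    "manifest_version": 3, "name": "Constructed Badge Helper",
    "permissions": ["cookies", "storage"],
    "host_permissions": ["*://*.facebook.com/*"]})
SUSPICIOUS_MV2 = json.dumps({
    "manifest_version": 2, "name": "Constructed Badge Helper (MV2)",
    "permissions": ["cookies", "<all_urls>"]})
BENIGN = json.dumps({
    "manifest_version": 3, "name": "Constructed Notes",
    "permissions": ["storage"], "host_permissions": ["https://example.org/*"]})

if __name__ == "__main__":
    for text in (SUSPICIOUS_MV3, SUSPICIOUS_MV2, BENIGN):
        print(json.loads(text)["name"], "->", vet_manifest(text) or "no findings")
```

A finding means the extension is able to read those cookies and should be reviewed; it does not by itself show that the extension is malicious.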