Hackers 'looking to weaponize Facebook Ad Manager' via trojan hidden in PDF reader
Self-professed “ethical hacker and reverse engineer” Vitali Kremez has discovered a new trojan, dubbed ‘Socelars’, which could be used to hack Facebook Ad Manager accounts, further endangering advertising on the platform.
Security researcher Kremez discovered that the trojan (a type of malware which misleads users as to its true purpose) had been surreptitiously distributed through a fake PDF editor called “PDFreader.” Once deployed, the trojan then steals Facebook session cookies from Chrome and Firefox and then connects them to other Facebook URLs.
2019-12-02:🆕 '#Socelars' #Stealer | #Signed🇦🇹[Rakete Content Gmbh] #Sectigo🔦Interesting Elaborate @Facebook Stealer (ads/manager) | Cookie Stealer | AdsCreditCard +{Amazon}🤔MBR "\\\\.\PhysicalDrive0" for MachineID ]h/t @malwrhunterteamMD5: cd50a4284e86c32cefc000be565f667b pic.twitter.com/H5L2BSuHp5
— Vitali Kremez (@VK_Intel) December 2, 2019
“I assess this might be only the beginning of the evolution of this type of malware targeting ad and social media providers,” Kremez told BleepingComputer.com
The data at risk includes everything from email addresses, session cookies and access tokens to account ids, credit card details, Paypal emails, ad balances and spending limits for Facebook ad campaigns. After being harvested, the data is then transmitted back to the hackers' control server.
Also on rt.com ‘Surveillance giants’ Facebook & Google ‘threaten human rights’ with data-grabbing – AmnestyThis combined access data could then be used to steal information from users' Ads Manager settings and allow the hacker to run their own ad campaigns by hijacking accounts' Facebook Ad Manager profiles.
“Also, I think in light of the upcoming elections and intensified FB campaigns running political messages, this tool is almost like an espionage malware looking for possible political narratives (and grabbing account information),” Kremez continued. There have been no confirmed security breaches using this malware yet, but the investigation into how far it has spread and been deployed is only just beginning.
This could potentially have massive implications for political advertising on the platform, which has already been the subject of heated debate.
Also on rt.com Facebook issues first-ever ‘fake news’ correction to user post under pressure from Singapore govtFacebook is still grappling with how to handle political advertising on its platform, and has pledged to take down any and all accounts involved in illicit or malicious practices (dubbed “inauthentic behaviour”).
The social media giant will leverage artificial intelligence in its efforts to combat so-called fake news, by labeling state-controlled media and monitoring candidates' accounts for any suspicious activity.
The Trojan also attempted to steal session cookies from Amazon's US and UK websites but it’s unclear whether this was a smokescreen or not.
Think your friends would be interested? Share this story!
