Facebook page scam: Hackers target Bangladeshi pages, agencies

A startling increase in cybercrime has left Facebook users from various countries, including Bangladesh, vulnerable to hacking attempts on the social media platform, according to a recent report by Dismislab, an independent research organisation. Unscrupulous hackers are employing deceptive tactics to lure users into downloading tools such as Facebook Ad Manager and Google Bard, subsequently infecting their devices with harmful malware.

The report by Dismislab sheds light on the alarming trend of hackers targeting page administrators and digital marketing professionals who frequently advertise on Facebook. The motive behind these fraudulent schemes is primarily financial gain and the theft of personal information reserved for advertising purposes.

Dismislab, an independent research platform, meticulously analysed data from 58 Facebook pages over the past two months to delve into the nature, motives, methods, financial incentives, and origins of these fraudulent campaigns. The findings, as revealed by the Dismislab report, indicate that the majority of these campaigns originate from the Philippines and Vietnam, affecting users in multiple countries, including Bangladesh.

According to the Dismislab report, hackers begin their modus operandi by creating websites that appear credible, incorporating words like Meta, Ad Manager, Google Bard, or AI in the URL. Subsequently, they either create new Facebook pages with similar names or hack existing ones, altering their titles to deceive users. The hackers then use Facebook to promote the website links, enticing users to click on them.

The report further details the malicious impact of these deceptive links. Once users click on the enticing download link provided on the website, the malware is stealthily installed on their devices, leading to a plethora of security risks. This malicious software then proceeds to collect sensitive personal information, including passwords, and may even display intrusive ads on the user's device. Additionally, the malware has the ability to disable the computer's firewall, allowing the hackers to further install additional malicious software. This, in turn, grants the hackers access to users' Facebook pages, which are then exploited to promote fraudulent posts and ads.

According to experts quoted in the Dismislab report, financial incentives are a key driver behind these hacking campaigns. Hackers, after compromising Facebook pages, gain access to financial information, embezzle advertising funds from Business Manager, and promote their deceptive posts using victims' accounts. Additionally, the report highlights the hackers' exploitation of users' devices through the installation of malicious adware to generate profits. 

Furthermore, the stolen user information is sold to third parties, amplifying the dangers of these attacks. Dismislab's report emphasises that the primary targets of these hacking attempts are administrators of large Facebook pages who actively advertise products or services.

The Dismislab report also provides a harrowing account of victims who have fallen prey to these hacking attempts. One such example is Adarsha, a renowned Bangladeshi publishing house that had its verified Facebook page hijacked. Hackers edited Adarsha's posts, replaced them with ads, and even changed the page's name and cover photo. 

According to the findings of the report, the malware identified in the Dismislab report, including Trojan-PSW.Agent.BP and Win32.Trojan.Tedy, are specifically designed to steal sensitive information, particularly passwords, and subsequently send it to the attackers. Some of the malware also functions as adware, inundating users with intrusive pop-up ads while significantly slowing down their devices.

"This vicious hacking strategy is evolving day by day. When we first discovered the pattern, it was mainly based on fraudulent meta ads manager or Google Bard. However, it is currently experimenting with different AI tools, even adult content associated with harmful malware," said Minhaj Aman, Research Lead at Dismislab. 

"First and foremost, do not click on anything in your newsfeed at random. If you have a business page on any social media platform, such as Facebook, you must be particularly cautious," he added.

Victims, such as digital marketing agencies and page administrators, have suffered significant financial losses and face the arduous task of recovering their hacked pages. The Dismislab report points out the challenges faced by these victims in their quest for recourse, with the recovery of their hacked pages often becoming a prolonged and uncertain process. For example, Adarsha were finally able to recover their page only recently after a great deal of effort and time.

While Facebook has taken measures to combat these hacking attempts by removing several pages and suspending websites, the Dismislab report highlights that hackers are relentless and continue to evolve their tactics against countermeasures.