Hackers steal Facebook Messenger login credentials via massive phishing campaign

A group of cybersecurity specialists claims to have found evidence that millions of users may have fallen victim to a massive phishing campaign conducted through Facebook Messenger. The campaign relies on a supposedly updated version of the app, which is actually a malicious app used to collect the login credentials of affected users.

The report describes the detection of about a thousand fraudulent Facebook profiles used by the hackers. The campaign reportedly started in mid-2020 in regions such as Asia and Europe, although it has already spread to Europe and America.

By April 2020, the number of fraudulent posts inviting users to download this supposed updated version of the app was already over 5,500. Fraudulent profiles even used the official Facebook Messenger logo as a profile picture.

Moreover, in an attempt to bypass anti-spam and moderation controls on Facebook, the fraud operators used shortened links from services such as bit.ly, linktr.ee and cutt.ly, among others. These links redirected users to websites outside of Facebook from which the fraudulent version of Messenger could supposedly be downloaded. To do so, users were asked to complete a form, which was actually the mechanism used to extract their login credentials.
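One way a moderation or message-filtering pipeline could flag links hosted on the shortening services named above, shown as an added example that is not code from the report or from Facebook. The lure phrase list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Shortener domains named in the article; extend this set for real use.
SHORTENER_DOMAINS = {"bit.ly", "linktr.ee", "cutt.ly"}
# Lure wording paraphrased from the article (constructed list, an assumption).
LURE_TERMS = ("messenger", "update", "gold", "visited your profile", "restrict")

# http(s) URLs and scheme-less "host.tld/path" tokens, not starting mid-word.
URL_TOKEN = re.compile(
    r"(?<![\w.-])(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"']*)?",
    re.IGNORECASE,
)

def shortener_links(text):
    """Return (link, shortener) pairs for links whose host is a listed shortener."""
    hits = []
    for match in URL_TOKEN.finditer(text):
        # Drop sentence punctuation that got glued to the end of the link.
        token = match.group(0).rstrip(".,;:!?)")
        url = token if "://" in token else "http://" + token
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if host.startswith("www."):
            host = host[4:]
        # Exact host match: "notbit.ly" and "bit.ly.example.com" must not hit.
        if host in SHORTENER_DOMAINS:
            hits.append((token, host))
    return hits

def triage(text):
    """Flag a message that pairs a shortener link with lure wording."""
    links = shortener_links(text)
    lures = [term for term in LURE_TERMS if term in text.lower()]
    return {"links": links, "lures": lures, "suspicious": bool(links and lures)}

# Constructed sample messages, not taken from the campaign.
SAMPLES = [
    "New Messenger update with Gold features: https://bit.ly/3xAmPlE.",
    "See who visited your profile www.Cutt.ly/abc123",
    "Read https://bit.ly.example.com/a and notbit.ly/b",
    "Our newsletter update is at https://example.org/news",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

A flagged link still has to be resolved in an isolated environment before its real destination is known; the host match only identifies that the destination is hidden behind a shortener.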

Threat actors tried to make this fake app attractive by assuring users that it contained additional features, such as a record of visits to their profile or the ability to access a supposed Gold Messenger version. In more extreme cases, some users received messages that threatened to restrict their accounts permanently if they did not download this app.

Researchers have found fraudulent ads in at least 84 countries around the world, mainly in Germany, Italy, Spain, the United Kingdom and the United States. As for the attackers’ goals, experts believe they could use compromised credentials to lock legitimate users out of their accounts and demand a ransom in exchange for regaining control of them.

As a precaution, users are advised to remain alert to any related fraud attempts, as Facebook never requires its users to install software from platforms outside of PlayStore or AppStore. Users should also avoid interacting with shortened links, as link shortening is commonly used to hide the actual destination of a link.
