Researchers from Kaspersky have spotted significant growth in the malware used by SilentFade, the gang responsible for a $4 million fraud on Facebook in 2019. In January 2021, experts from the global cybersecurity company recorded and analyzed the Frank rootkit and found similarities to that campaign.
The largest numbers of incidents over the past month were detected in India, Brazil, Indonesia, Italy, Germany, Algeria, Malaysia, Russia, France and Egypt.
Last year’s Kaspersky telemetry did not detect SilentFade’s presence in Southeast Asia. A different picture emerged in January, when the region saw a rapid spread of this malware with a total of 576 incidents. Besides 221 detections in Indonesia and 137 in Malaysia, the Philippines logged 96 cases, Vietnam 71, Thailand 27, and Singapore 24.
“Our monitoring showed the SilentFade campaign never stopped,” said Anton Kuzmenko, security expert at Kaspersky. “They are just doing what they did, and now we are facing the growth of their activity. Their ideas and methods remain the same with some changes. Now they also spread a downloader, which can spread and download other, more dangerous, malware. Detected files are similar to older versions, which our industry peers have found links with to an alleged Chinese company. In terms of distribution, there is a possibility that someone has sold the malware source code, the gang itself is selling the rootkits, or the code may have been leaked.”
SilentFade, a campaign that started in 2016, used a combination of a Windows Trojan, browser injections, clever scripting, and a bug in the Facebook platform, a sophisticated modus operandi rarely seen among malware gangs targeting the social media company. The group’s name is short for “Silently running Facebook Ads with Exploits.”
The purpose of SilentFade’s operations was to infect users with the Trojan, hijack their browsers, and steal passwords and browser cookies so the attackers could access the victims’ Facebook accounts.
Once they had access, the group searched for accounts that had any type of payment method attached to the profile. For those accounts, SilentFade bought Facebook ads with the victim’s funds. The malware collects information about the user’s account, such as the balance of the advertising wallet, how much the user had previously spent on advertising, and all manner of tokens and cookies. The cybercriminals then start promoting their own ads through the social network’s advertising platform.
Despite operating only for a few months, Facebook said the group managed to defraud infected users of more than $4 million, which they used to post malicious Facebook ads across the social network.
“Threats on these platforms should be taken seriously in Southeast Asia given the region’s high internet and social media adoption. Five out of the six countries here spent more than seven hours online in 2020, and 69% of the region’s total population are active social media users, the highest percentage among all subregions in Asia Pacific. The rise of ads across social media platforms has resulted in a treasure trove of financial credentials — a lucrative target for cybercriminals like SilentFade. We urge all users from the region to boost their account’s security through multi-factor authentication, strong passwords, robust solutions, and a lot of vigilance,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Kaspersky experts also share the following steps to keep your accounts safe from the SilentFade malware:
- Secure your computer, your mobile devices, and your data. Install a rigorous anti-malware solution on your computer, smartphone, and tablet to protect your devices against the latest viruses, worms, Trojans, and other threats.
- Get a temporary credit card. Some credit card companies will issue a temporary credit card number for their customers. These temporary numbers can be useful for one-time purchases. However, you should avoid using them for any purchases that require auto-renewal or regular payments.
- Dedicate a “clean” computer. For added security, you could use a dedicated machine for all your online financial transactions. This should be a “clean” computer that is free of viruses and any other infections. To help keep it clean, the machine should not be used for casual web browsing, social networking, or email.
- Manage and protect your online passwords. A password manager can help you keep track of multiple accounts and passwords, and it stores passwords encrypted rather than in plain text. Some antivirus and internet security products include password management and password security features.