Home News Attackers Using Facebook’s Ads Manager as Cyberespionage Tool

Attackers Using Facebook’s Ads Manager as Cyberespionage Tool

Facebook copyright complaint

A newly discovered Trojan, dubbed Socelars, allows bad actors to access Facebook advertisements, the Bleeping Computer reported.

The issue came to light after a security researcher Vitali Kremez found that Socelars Trojan was distributed through a fake PDF editing app “PDFreader”. It’s said that attackers are using this Trojan to dig information from Facebook ads.

What’s the Risk?

According to MalwareHunterTeam, the Socelars Trojan tries to steal Facebook session cookies from Chrome and Firefox and then use them to connect to other Facebook URLs.

The stolen data includes advertising email address, session cookies, access tokens, account ids, associated pages, credit card details, PayPal email, ad balances, and spending limits. The data then transferred to the attacker’s Command & Control server.

Primary Target on Facebook Ads Manager

Vitali Kremez stated that attackers using stolen information to extract the user’s account_ID and access token, which were later used in a Facebook Graph API call to steal data from the user’s Ads Manager settings.

If malicious actors access the information of the ads, they can create their own campaign ads, not only regular advertisements but the political posts, which could bring severe implications during elections.

Besides targeting on Facebook ads, the Trojan is also attempting to steal session cookies for Amazon.com and Amazon.co.uk, the researcher said.

With the U.S. elections approaching and bad actors abusing campaigns/ads in the past, it’s a heads-up for anyone running political campaigns.

Recently, Facebook stated that it is tightening its security for the 2020 U.S. elections after fresh signs of Russia meddling. The social media giant stated that it’s taking down accounts involved in illicit activities and stepping up searching state-controlled media trying to manipulate American voters.

Facebook pledged to use a variety of security measures, including artificial intelligence, to counter Russian attackers or other online intruders who use misleading strategies and false information to meddle in the 2020 U.S. elections.

The new steps announced by Facebook include, Fighting Foreign Interference, Preventing inauthentic behavior, Increasing transparency, Labeling state-controlled media on their Page and in the Ad Library, Preventing the spread of misinformation, and monitoring candidates accounts, elected officials through Facebook Protect.