Cybercriminals often target businesses that hold large amounts of users’ sensitive information, and social networking services like Facebook and WhatsApp always top the list when it comes to hacker intrusions and other security incidents. Cybersecurity experts from global cyberthreat hunting firm Group-IB discovered a large-scale scam campaign targeting Facebook Messenger users in over 80 countries across Europe, the Middle East and Africa (MEA), Asia, and North and South America.
Fake Facebook Messenger Campaign
Group-IB researchers found that cybercriminals have been stealing users’ login credentials by distributing a fake updated version of Facebook Messenger. Researchers discovered over 1,000 such fake Facebook profiles employed in the scheme. “The number of Facebook posts inviting users to install ‘The latest Messenger update’ reached 5,700. To draw users’ attention, fraudsters registered accounts with the names mimicking the real app — Messanger, Meseenger, Masssengar, etc. — and used Facebook Messenger’s official logo as their profile picture,” Group-IB said.
Facebook Ad promoting a Facebook Messenger Update
The fake ads reportedly targeted a large set of users globally across India, Canada, the U.S., France, Germany, Nigeria, Italy, Singapore, Malaysia, and South Africa.
How does the scam work?
The malicious links are promoted as download links for the updated version. Once the user clicks on the link, it redirects the victim to a fake Facebook Messenger website with a login form asking users to enter their credentials.
Attackers leveraged web hosting platforms like blogspot.com, sites.google.com, github.io, and godaddysites.com to host fake Facebook Messenger login pages. They also used the services of linktr.ee, bit.ly, cutt.us, cutt.ly, and rb.gy to shorten the links and bypass spam filters. “Users who fell victim to this scheme risk leaking their personal data and have their account hijacked. Scammers, in turn, are likely to use the compromised account to either blackmail the victim, pushing them to pay a ransom to have access to their account restored, or further scale up the scheme using the Facebook profile to distribute scam ads,” Group-IB added.
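The indicators above (misspelled profile names, shortened links, and login pages on free hosting platforms) can be combined into a simple triage check. The following is an added example, not code from Group-IB or Facebook; the function names, the edit-distance threshold, and the sample URL are assumptions made for illustration.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Services named in the article: free hosting of fake login pages, link shorteners.
HOSTING = {"blogspot.com", "sites.google.com", "github.io", "godaddysites.com"}
SHORTENERS = {"linktr.ee", "bit.ly", "cutt.us", "cutt.ly", "rb.gy"}
BRAND = "messenger"
MAX_DISTANCE = 3  # assumed threshold; wide enough for "Masssengar", tune on real data


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(name: str) -> bool:
    """True for near-misses of the brand name; the exact spelling is not flagged."""
    words = re.findall(r"[a-z]+", name.lower())
    return any(0 < edit_distance(w, BRAND) <= MAX_DISTANCE for w in words)


def link_category(url: str) -> Optional[str]:
    """Classify a link by hostname; subdomains of a listed service also match."""
    host = (urlparse(url).hostname or "").lower()
    for label, domains in (("shortener", SHORTENERS), ("free-hosting", HOSTING)):
        if any(host == d or host.endswith("." + d) for d in domains):
            return label
    return None


def triage(profile_name: str, url: str) -> list:
    """Return the reasons a post deserves a closer look (empty list if none)."""
    reasons = ["lookalike-name"] if is_lookalike(profile_name) else []
    category = link_category(url)
    if category:
        reasons.append(category)
    return reasons


if __name__ == "__main__":
    # Constructed sample: a misspelled profile name posting a shortened link.
    print(triage("Messanger", "https://bit.ly/example"))
```

Neither signal is conclusive on its own, since legitimate pages also use these services and ordinary words can fall within the distance threshold; the value is in the combination.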
WhatsApp Pink Scam
A malicious app named WhatsApp Pink is making the rounds online to gain control over users’ devices and steal their information.
Beware of @WhatsApp Pink!! A Virus is being spread in #WhatsApp groups with an APK download link. Don’t click any link with the name of WhatsApp Pink. Complete access to your phone will be lost. Share with All..#InfoSec #Virus @IndianCERT @internetfreedom @jackerhack @sanjg2k1 pic.twitter.com/KbbtK536F2
— Rajshekhar Rajaharia (@rajaharia) April 17, 2021
According to Indian security researcher Rajshekhar Rajaharia, threat actors are sending malicious links to users, claiming to provide new WhatsApp features in pink color. If a user clicks on the link, it automatically redirects the victim to a fake page with an option to download the malicious WhatsApp Pink app. The malicious link can possibly lock the targeted users out of their WhatsApp accounts or, worse, their devices.