A social media malware campaign from 2016 resurfaced in India in 2021, according to cybersecurity firm Kaspersky.
“The gang is known to utilize a combination of Windows trojan, browser injections, clever scripting, and a bug in the Facebook platform, making it a very sophisticated and rare modus operandi to target Facebook’s users,” Kaspersky said.
The purpose of SilentFade’s operations as part of the 2016 campaigns was to infect users with the trojan, hijack their browsers, and steal passwords and browser cookies to access their Facebook accounts.
“Once the cybercriminals had access, the group searched for accounts that had any type of payment method attached to their target’s profile. For these accounts, SilentFade bought Facebook ads with the victim’s funds,” explained Kaspersky.
“Then the cybercriminals start promoting their ads through the Facebook advertising platform. Despite operating only for a few months, Facebook revealed that the group managed to defraud infected users of more than $4 million, which they used to post malicious Facebook ads across the social network,” it said.
Kaspersky researchers have recently recorded a Frank rootkit, a malware which has infected devices with many similarities to the one run by the SilentFade gang.
According to Kaspersky’s analysis, India ranks first with 603 infections in the last month, on the infected countries’ list by this rootkit. Brazil (255 infections) and Indonesia (221) followed at second and third position.