After a group of researchers unveiled a campaign that lasted for years to spread malware using a network of Facebook pages, the company has now removed all of the pages from the platform.
Few days earlier, researchers at CheckPoint found that a hacker created more than 30 fake pages related to Libyan politics. While Facebook’s struggles to remove fake news are well documented, the attacker used these pages to spread malware through unsuspecting users.
According to the security researchers, the attacker behind the campaign calls himself ‘Dexter Ly’ and uses open source remote access trojans to infect unsuspecting users’ devices through links embedded in real and fake Facebook pages. These pages often contained misinformation and the links with the posts often led to fake government documents or apps that claimed to notify users about potential attacks. Although the researchers aren’t sure about the goal of the campaign, they assume that the attacker used the malware to steal users’ data for financial gains.
Shortly after the discovery, the researchers stumbled across a bunch of fake pages along with fake accounts. Among many pages, one was a fake page of Khalifa Haftar who is heavily involved in Libya’s ongoing civil war. Moreover, the posts of these Facebook pages often contained spelling and grammatical mistakes or words which aren’t available in the languages. Apart from this, these posts contained links to malware that could have led to potential data breach of users. While the attack was fairly basic, the spread went on through the pages for more than five years. According to Checkpoint, the pages and accounts that were used to spread the malware had over 100,000 followers on Facebook.
After their discovery, researchers at the firm contacted Facebook to notify the social network about its users’ potential data leaks. Facebook has since than taken down all of the pages and associated accounts.
In an official statement, the company said, “These pages and accounts violated our policies, and we took them down after Check Point reported them to us. We are continuing to invest in technology to keep malicious activity off Facebook, and we encourage people to remain vigilant about clicking on suspicious links or downloading untrusted software.”