A group of Chinese malware users employed a sophisticated scheme that targeted Facebook users between the end of 2018 and early 2019, collecting an impressive amount of money before they were caught and stopped by Facebook’s security team.
Known as SilentFade, the group used several methods and tools, including a powerful Windows Trojan, complex scripts and script injectors, as well as a bug present within Facebook itself; the complexity of their nefarious plan surprised the security team.
The team managed to gain access to the computers of vulnerable targets with the help of infected links and hijacked their internet browsers. Once these steps were complete, they could transfer Facebook credentials and cookies to gain access to their Facebook accounts. If the accounts had access to a payment method, the team moved to the next stage.
Suitable Facebook profiles were used to create and promote malicious ads, which raised the interest of other Facebook contacts. When these contacts clicked on the malicious links, they were also infected with malware to collect credentials that were used to access even more Facebook accounts and use them for the same purpose.
Although the operation lasted only a few months, the team managed to steal more than $4 million from infected Facebook users, money that was used to pay for promoted Facebook ads. A factor that contributed to the group's downfall was the use of ads that followed a similar pattern.
Most of the ads contained shortened URLs and featured images of celebrities along with marketing material for dubious products sold on unknown websites. Many of the ads focused on weight loss products and keto pills. A large number of user reports prompted the Facebook security team to investigate the ads, track down the malicious group, and tie it to a Chinese company.