Researchers from cybersecurity firm Check Point have uncovered a Facebook campaign that has been spreading malware since 2014. The campaign was operating under the posts that discussed the political situation in Libya.
Notorious Remote Access Trojans (RATs) like SpyNote, Houdini and Remcos were spread through Facebook pages and it is believed that the residents of Libya, the US, China, and Europe have been affected by it.
A Facebook page running in the name of Khalifa Haftar, Libya’s national army commander and a prominent figure in the country, has been found to be the focal point for spreading the malware. The impersonator operating the page created it in April 2019 and managed to gather more than 11,000 followers within a span of two months.
The malware was hidden in the links posted by the page, claiming that the link contains leaked intelligence reports. Whenever a user clicked on the link, malicious content got loaded.
Researchers found that the malware was hosted on public servers including Dropbox and Google Drive. It wasn’t the single page that was spreading the malware — a network of similar campaigns operating on different platforms has been uncovered.
When tracked by the researchers through a command-and-control (C2) server, a Facebook account operating under the profile name “Dexter Ly” was found to be the mastermind behind the campaign.
Researchers informed Facebook about the malware spreading pages and the pages have since been blocked.
The entire incident shows that Facebook has yet again failed to contain malicious activities carried out through its platform.