7 February 2024
7 February 2024
Hacked Facebook pages is no news, millions of accounts are compromised every year. But what are they used for, and who monetizes on those accounts being hacked?
Qurium’s investigation starts with a handful of hacked Facebook pages belonging to the Ugandan media group “Nation Media Group” which have been used to drive traffic to malicious advertisements.
The attackers have lured the readers to sites with malicious advertisements and malware by posting images of “scantily clad women” to attract their attention. The malware we have identified is so called “scare-ware” that falsely warns you about your outdated VPN or antivirus software and redirects you to legit websites of antivirus or VPN companies and cashes in the commission fee!
The advertisement network being used in this case is Adsterra. Although both Facebook and Adsterra’s policies prohibits the promotion of deceptive content, we found no tangible signs that there is any real effort by and of these two actors to stop this activity. Adsterra is aware of the malicious ads in their network and profits from it, while Facebook takes weeks to recover clearly compromised accounts to serious media companies. As icing on the cake, Facebook hosts dozens of groups dedicated to explain how to use the Adsterra network to drive traffic.
Report: Adsterra used to promote malicious content using hacked Facebook pages
Contacts
Digital forensics: Tord Lundström <t at virtualroad.org> Technical Director
Media: Clara Zid <info at virtualroad.org> Media and Outreach Manager