
SoylentNews is people

posted by Fnord666 on Tuesday July 09 2019, @10:59AM   Printer-friendly
from the unwitting-accomplice? dept.

Submitted via IRC for SoyCow4463

Researchers crack open Facebook campaign that pushed malware for years

Researchers have exposed a network of Facebook accounts that used Libya-themed news and topics to push malware to tens of thousands of people over a five-year span.

Links to the Windows and Android-based malware first came to researchers' attention when the researchers found them included in Facebook postings impersonating Field Marshal Khalifa Haftar, commander of Libya's National Army. The fake account, which was created in early April and had more than 11,000 followers, purported to publish documents showing countries such as Qatar and Turkey conspiring against Libya and photos of a captured pilot who tried to bomb the capital city of Tripoli. Other posts promised to offer mobile applications that Libyan citizens could use to join the country's armed forces.

According to a post published on Monday by security firm Check Point, most of the links instead went to VBScripts, Windows Script Files and Android apps known to be malicious. The wares included variants of open source remote-administration tools with names including Houdina, Remcos, and SpyNote. The tools were mostly stored on file-hosting services such as Google Drive, Dropbox, and Box.

The postings by the fake Haftar were riddled with typos, misspellings, and grammatical errors. The spelling mistakes in particular gave Check Point researchers a high degree of confidence that the content was generated by an Arabic speaker, since translation engines that would have converted the text from another language would have been unlikely to introduce the errors.

