 [IsraelTimes] ’It is the largest malware campaign over Facebook that has ever been discovered,’ Check Point threat intelligence chief says; FB has removed fake pages and malicious links.
In one of the largest malware campaigns discovered to date using the social media platform Facebook, a suspected Libyan hacker managed to access the private information of tens of thousands of victims by causing them to click on links and files posted on both fake and legitimate pages and groups on the platform, researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said.
"It is the largest malware campaign over Facebook that has ever been discovered," said Lotem Finkelstein, who heads the threat intelligence desk at Check Point in Tel Aviv, in a phone interview. The campaign apparently aimed at both political and financial gain, he said. The victims were mainly from Libya, with some from Europe
Continued from Page 2
...the land mass occupying the space between the English Channel and the Urals, also known as Moslem Lebensraum...
, the United States and Canada.
The discovery underlines that no platform is safe. Phishing, Finkelstein said, "is just technique" and hackers can use any platform, whether Facebook or WhatsApp or any other app, to plant malicious links in emails, messages or files.
The researchers have worked closely with Facebook over the past month to delete all of the 40 pages that were active in 2019, which lured 50,000 people just this year to fall into the "infection chain," Finkelstein said.
These victims, who unwittingly clicked on links they received on their devices ‐ cellphones or computers ‐ were infected with Trojan malware that accessed their photos, passport numbers, identity cards and other sensitive information. The malware was delivered via links to ostensible reports leaked from Libya’s intelligence units exposing countries such as Qatar
 ...an emirate on the east coast of the Arabian Peninsula. It sits on some really productive gas and oil deposits, which produces the highest per capita income in the world. They piss it all away on religion, financing the Moslem Brotherhood and several al-Qaeda affiliates. Home of nutbag holy manYusuf al-Qaradawi...
or The Sick Man of Europe Turkey
 ...Qatar's colony in Asia Minor...
conspiring against Libya, or ostensible photos of a captured pilot who tried to bomb the capital city of Tripoli
...a confusing city, one end of which is located in Lebanon and the other end of which is the capital of Libya. Its chief distinction is being mentioned in the Marine Hymn...
, for example.
But instead of the promised content in the posts, the links would download the malware.
Among the people whose sensitive information was stolen were three "leading Libyan politicians" and the country’s Prime Minister Fayez al-Serraj, Finkelstein said. The hacker then made that sensitive information public.
In a blog post on Monday, Check Point researchers said the investigation started when they came across a Facebook page impersonating the commander of Libya’s National Army, Khalifa Haftar
...Self-proclaimed Field Marshal, served in the Libyan army under Muammar Qadaffy, and took part in the coup that brought Qadaffy to power in 1969. He became a prisoner of war in Chad in 1987. While held prisoner, he and his fellow officers formed a group hoping to overthrow Qadaffy, so it's kind of hard to describe him as a Qadaffy holdover. He was released around 1990 in a deal with the United States government and spent nearly two decades in the United States, gaining US citizenship. In 1993, while living in the United States, he was convicted in absentia of crimes against the Jamahiriya and sentenced to death. Haftar held a senior position in the anti-Qadaffy forces in the 2011 Libyan Civil War. In 2014 he was commander of the Libyan Army when the General National Congress (GNC) refused to give up power in accordance with its term of office. Haftar launched a campaign against the GNC and its Islamic fundamentalist allies. His campaign allowed elections to take place to replace the GNC, but then developed into a civil war. Guess you can't win them all...
. Haftar’s forces are fighting against Libya’s internationally recognized government, and he is a key figure in the country’s ongoing civil war.
TRACKING SPELLING AND GRAMMATICAL MISTAKES
The researchers noticed that the page impersonating that of Haftar had numerous spelling mistakes, including the name of Haftar himself and grammatical mistakes in Arabic, "that were found in almost every post." All of these were giveaways about the illegitimacy of the page.
"Those spelling mistakes are not ones that can be generated by online translation engines, and can indicate that the text was written by an Arabic speaker," the blog said.
By looking up the unique mistakes, the researchers were then able trace more than 40 Facebook pages that have been spreading malicious links since at least 2014. Some of those pages are extremely popular, have been active for many years, and are followed by more than 100,000 users.
Some of the most popular pages are one titled Official Libya, with 51,000 followers; Libya My People, with 110,000 followers; and the Emad al-Trablisi Official page, with 139,500 followers.
The pages deal with different topics but the one thing they have in common is their apparent target audience: Libyans, the post said.
Some of the pages impersonate important Libyan figures and leaders, others are supportive of certain political campaigns or military operations in the country, and the majority are news pages from cities such as Tripoli or Benghazi.
What can be learned from this incident, said Finkelstein, is that people should not click on links and files without first assessing the credibility of the information, he said. "Question the credibility of the person who is sending you the file, and question the legitimacy of the information sent."
A Facebook spokesperson said in comment: "These Pages and accounts violated our policies and we took them down after Check Point reported them to us. We are continuing to invest heavily in technology to keep malicious activity off Facebook, and we encourage people to remain vigilant about clicking on suspicious links or downloading untrusted software." 
|
