Hackers have been caught getting into popular verified Facebook pages and using them to distribute malware through adverts on the social media behemoth.
Matt Navarra, a social strategist, was the first to notice the harmful effort, exposing the danger on Twitter.
According to Navarra, whoever is behind the campaign targeted popular Facebook sites first (one of the victims has over seven million followers and has been active for over a decade). If they gained access, they would rename the page something like Meta (Facebook's parent company) or Google.
They would then buy an ad on the social media network, targeting page managers and advertising specialists.
“Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.
There are several issues with this campaign, according to Navarra, including how the accounts were compromised, how Facebook enabled the threat actors to change the page's name to something seemingly related to Meta while keeping the blue checkmark, and how they were able to buy and run ads that clearly redirect the target audience to a shady website at best.
According to TechCrunch, Facebook has since disabled all of the affected accounts and shut down the malicious activities. It also stated that Facebook pages now disclose whether or not the page has changed its name in the past, and if so, from what, which is a nice move to increase openness.
“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”