Categories: NewsSecurity

Criminals Distribute Banking Trojans Using Facebook’s CDN Servers

It is well known that a lot of malware attacks can be distributed using social media. Clicking on nefarious links or opening attachments sent in direct messages are two somewhat common attack vectors. One particular malware group has taken things to a new level, as it uses Facebook’s content delivery network server to hide banking Trojans. This is a very interesting turn of events, although it remains to be seen how the company will respond to this problem.

Facebook CDN is a Malware Distribution Platform

Researchers have come across some very unusual malware activity these past few weeks. Specifically, the way these malicious payloads are distributed has raised a lot of questions. Several campaigns are actively using Facebook’s CDN

servers to distribute malware to users all over the world. It turns out these malware types are all banking Trojans hiding on CDN servers used by the social media giant.

It is also believed these same criminals are responsible for having used Dropbox and Google’s cloud storage to distribute similar payloads not too long ago. These trusted services have been getting a lot of attention lately, although not necessarily for the right reasons. When tools like these are used for criminal activity, it is impossible to tell what the final consequences will be. Most people trust Google, Facebook, and Dropbox, and would hardly associate these companies with malware.

By making use of the Facebook CDN servers, criminals will cause a lot of damage with these banking Trojans. Their domain name is trusted by security solutions, which means they will not recognize this malware as such. A custom domain create to host and distribute malware can easily get blacklisted and even taken offline by registrars. Taking Facebook offline for this particular purpose would be rather problematic for obvious reasons

Related Post

Users are first contacted through a fake email in which they are asked to visit the Facebook CDN where the malware is hosted. These emails are disguised as a communication from local authorities. Considering how the link in the email is not marked as malicious right away, most users will click on it. The assailants upload these banking Trojans in Facebook groups or other public sections and use the aforementioned URL as a way to distribute them through spam email campaigns.

What is rather peculiar is how this attack is only aimed at Brazilian users right now. The Brazilian ecosystem is of keen interest to particular criminals, although it is unknown why this is the case. When a user from a non-targeted region visits the link, the infection process is halted prematurely. This shows that this new campaign is specifically tailored for one purpose only, although it is anybody’s guess as to why Brazil is the target.

According to the first reports, the banking Trojan being distributed is called Squiblydoo. Users who click on an email link will download a ZIP archive containing a PowerShell script. Once they do so, the malware will download in the background and infect one’s computer accordingly. Though it is a rather common method of attack, this particular distribution campaign is something we do not see every day. These spam emails have been delivered to hundreds of thousands of recipients, although it is unclear how many people actually clicked the links in question.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Altcoins to Invest in Today: Qubetics Sets the Stage for Blockchain’s Future as Bitcoin Hits $108K and Litecoin Soars

The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…

11 hours ago

Dogecoin Millionaire Predicts This Undervalued Altcoin Could Match DOGE’s 2021 Gains

Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…

11 hours ago

Qubetics Presale Skyrockets to $7.5M as XRP and Arbitrum Lead Best Altcoins for Exponential Returns

The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…

12 hours ago

Over 300K Users Actively Mine Crypto On BlockDAG’s X1 Miner App While BNB Bulls Eye $3K; What’s XRP’s Price Target?

The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…

12 hours ago

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

16 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

17 hours ago