
Criminals Distribute Banking Trojans Using Facebook’s CDN Servers

It is well known that a lot of malware can be distributed through social media. Clicking on malicious links or opening attachments sent in direct messages are two somewhat common attack vectors. One particular malware group has taken things to a new level, as it uses Facebook’s content delivery network (CDN) servers to hide banking Trojans. This is a very interesting turn of events, although it remains to be seen how the company will respond to this problem.

Facebook CDN is a Malware Distribution Platform

Researchers have come across some very unusual malware activity these past few weeks. Specifically, the way these malicious payloads are distributed has raised a lot of questions. Several campaigns are actively using Facebook’s CDN servers to distribute malware to users all over the world. It turns out these malware types are all banking Trojans hiding on CDN servers used by the social media giant.

It is also believed these same criminals are responsible for having used Dropbox and Google’s cloud storage to distribute similar payloads not too long ago. These trusted services have been getting a lot of attention lately, although not necessarily for the right reasons. When tools like these are used for criminal activity, it is impossible to tell what the final consequences will be. Most people trust Google, Facebook, and Dropbox, and would hardly associate these companies with malware.

By making use of the Facebook CDN servers, criminals will cause a lot of damage with these banking Trojans. Facebook’s domain name is trusted by security solutions, which means they will not recognize malware hosted there as such. A custom domain created to host and distribute malware can easily get blacklisted and even taken offline by registrars. Taking Facebook offline for this particular purpose would be rather problematic for obvious reasons.


Users are first contacted through a fake email in which they are asked to visit the Facebook CDN where the malware is hosted. These emails are disguised as a communication from local authorities. Considering how the link in the email is not marked as malicious right away, most users will click on it. The assailants upload these banking Trojans in Facebook groups or other public sections and use the aforementioned URL as a way to distribute them through spam email campaigns.

What is rather peculiar is how this attack is only aimed at Brazilian users right now. The Brazilian ecosystem is of keen interest to particular criminals, although it is unknown why this is the case. When a user from a non-targeted region visits the link, the infection process is halted prematurely. This shows that this new campaign is specifically tailored for one purpose only, although it is anybody’s guess as to why Brazil is the target.

According to the first reports, the banking Trojan being distributed is called Squiblydoo. Users who click on an email link will download a ZIP archive containing a PowerShell script. Once they do so, the malware will download in the background and infect one’s computer accordingly. Though it is a rather common method of attack, this particular distribution campaign is something we do not see every day. These spam emails have been delivered to hundreds of thousands of recipients, although it is unclear how many people actually clicked the links in question.
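Because the hosting domain is trusted, a filter that decides on reputation alone lets the download through; inspecting the archive itself does not depend on where it was hosted. The sketch below is an added example, not code from the article or from any vendor: the host name, the extension list and the size and depth limits are assumptions, and the ZIP samples are constructed in memory.

```python
import io
import posixpath
import zipfile
from urllib.parse import urlparse

# Assumption: placeholder host standing in for a CDN that reputation filters trust.
TRUSTED_HOSTS = {"cdn.trusted-social.example"}
# Assumption: script/launcher extensions a gateway would not expect in an emailed archive.
SCRIPT_EXTS = {".ps1", ".psm1", ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf", ".hta", ".lnk"}
MAX_DEPTH, MAX_MEMBER_BYTES = 2, 10_000_000  # nesting limit and zip-bomb guard

def reputation_verdict(url):
    """Domain-only decision: what a reputation-based filter sees."""
    host = (urlparse(url).hostname or "").lower()
    return "allow" if host in TRUSTED_HOSTS else "inspect"

def risky_members(data, depth=0):
    """List script-like files in a ZIP, descending into nested ZIPs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with zf:
        for info in zf.infolist():
            ext = posixpath.splitext(info.filename)[1].lower()
            if ext in SCRIPT_EXTS:
                hits.append(info.filename)
            elif (ext == ".zip" and depth < MAX_DEPTH and not info.flag_bits & 0x1
                  and info.file_size <= MAX_MEMBER_BYTES):  # skip encrypted/oversized
                hits += [f"{info.filename}!{n}"
                         for n in risky_members(zf.read(info), depth + 1)]
    return hits

def content_verdict(url, data):
    """Block on archive content first; fall back to reputation only if clean."""
    hits = risky_members(data)
    return ("block", hits) if hits else (reputation_verdict(url), hits)

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples, not taken from the campaign.
SAMPLE_URL = "https://cdn.trusted-social.example/files/notice.zip"
SAMPLE_BAD = make_zip({"notice.ps1": "Write-Output 'placeholder'"})
SAMPLE_NESTED = make_zip({"docs/inner.zip": SAMPLE_BAD})
SAMPLE_CLEAN = make_zip({"report.txt": "hello"})
```

With the constructed samples, `reputation_verdict(SAMPLE_URL)` allows the link, while `content_verdict` blocks both the direct and the nested archive because of the script inside.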

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

