At an industry conference this week, the Facebook security team shared additional details about one of the most sophisticated malware scams ever on the platform — a ploy originating in China known as “SilentFade.” The advanced hack utilized a bug in Facebook’s code to steal users’ passwords and cookies so they could hijack their accounts and spend their funds on fraudulent advertising. According to Facebook, the malware gang managed to defraud users of more than $4 million between late 2018 and February 2019 before being detected.

The social media giant also noted that this malware used sophisticated scripting to disable many of its security features, and even prevent users from re-enabling them. It also took over victims’ notification settings so they remained unaware of the hackers’ activity.

“This was the first time we observed malware actively changing notification settings, blocking pages, and exploiting a bug in the blocking subsystem to maintain persistence in a compromised account,” Facebook said. “The exploitation of this notification-related bug, however, became a silver lining that helped us to detect compromised accounts, measure the scale of infections, and map abuse originating from user accounts to the malware responsible for the initial account compromise.”

Thankfully, Facebook fully reimbursed all of the affected users. But it’s troubling that the platform was so susceptible to this kind of operation in the first place.

Recommended Resources

The Choice of Tech Experts Worldwide. Try 90 days free of Bitdefender and experience the highest level of digital safety.

Surf the web truly incognito. Try Bitdefender Premium VPN, the ultra-fast VPN that keeps your online identity and activities safe from hackers, ISPs and snoops.

System Mechanic 14 – Make your computer run like new. Winner of 200+ Editor’s Choice awards!