Meta business accounts are being hijacked in attacks using fake browser extensions as part of separate malvertising campaigns, according to The Hacker News.Nearly 40 illicit ads with a video tutorial have been leveraged to facilitate the deployment of a fraudulent Meta Verified browser extension "SocialMetricsPro", which enabled the exfiltration of Facebook session cookies and users' IP addresses, a report from Bitdefender showed.Pilfered cookies have been leveraged by other variants of the extension alongside Facebook Graph API for further information gathering activities aimed at driving a continuous malvertising campaign cycle.Another analysis from Cybereason showed that fake artificial intelligence-powered ad optimization websites have also been used to distribute nefarious Meta advertising extensions, which allow total access to websites visited by the compromised user."This staged approach reveals a clear threat-actor strategy: first capturing Google identity data, then pivoting to Facebook to broaden access and increase the chances of hijacking valuable business or advertising assets," said Cybereason researchers.
Identity, Threat Intelligence

Malvertising campaigns take aim at Meta business accounts

(Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



