Cyber security researchers have detected a global phishing campaign spread through Facebook ads. Over 6.15 lakh Facebook user accounts across 50 countries have been compromised through phishing pages hosted on GitHub Pages.
According to ThreatNix, a Nepal-based cyber security firm, the list of affected users is growing at a rapid pace of more than 100 entries per minute. The firm has also claimed, "We saw similar Facebook posts targeting Facebook users from Tunisia, Egypt, Philippines, Pakistan, Norway, Malaysia, etc."
The researchers came across a sponsored Facebook post offering 3 GB of mobile data, posted by a Facebook page that shows "Nepal Telecom" in its profile picture and name. Anyone who clicks the post is redirected to a phishing site hosted on GitHub Pages. It was almost impossible to differentiate between the original Nepal Telecom page and this dubious account, so many Facebook users have fallen into the trap.
The researchers further said, "All these static GitHub pages forwarded the phished credentials to two endpoints, one to a Firestore database and another to a domain owned by the phishing group. We discovered almost 500 GitHub repositories containing phishing pages that are a part of the same phishing campaign."
To date, there is no response or reaction from Facebook or GitHub on this.
Facebook ensures that no phishing ads get posted on its platform. However, in this case, a Bitly link was used. It is believed that the link first pointed to a normal page, so that Facebook would approve the post, and was then changed to point to the dubious one.