The Facebook-based application known as Facebook Messenger is subject to a phishing campaign and has already spread across Europe including Finland, Sweden, and Germany.
The phishing campaign uses a redirection technique which once clicked redirects the users to a malicious phishing page with the intention to steal victims’ passwords on Android and iOS. This information got revealed this Monday by Security Expert Frederic Vila.
Hackers were disguising the campaign as Youtube videos, and used URL anonymizers or shorteners including “utm.io” and “po.st”. Since October 15, a forensic analysis of the link data uncovered that the phishing campaign has reached 200,000 clicks already.
Frederic Vila also wrote in a blog post, “Stolen credentials are being used by hackers to spread the infection.”
F-secure was claiming that the phishing campaign was like a snowball, expanding as more passwords were stolen, and taking the stolen passwords to access accounts and commit ad fraud.
“Cybercriminals also were found attempting to earn from other non-Android and non-iOS users through ad-fraud,” Vila wrote in his report. According to the expert, Facebook lets users use a general email address as a username which worsens phishing schemes.
Vila also said regarding the implications of the phishing campaign on Facebook, “cybercriminals harvest password and email credentials which they are using for secondary attacks including gaining access to other services or systems with bigger monetary value.”
“We are actively recommending infected users to change their Facebook credentials on a short schedule, as well as any other service credentials,” Vila said.
Phishing campaigns are no stranger to Facebook since similar schemes have been working in the past using the social network.
Security experts from Kaspersky Lab found hackers using Messenger to redirect users to malicious adware links, this August.