Cybersecurity specialists discovered a massive phishing campaign that used Facebook Messenger to trick millions of individuals into entering their login details and watching advertisements on phishing pages.
The threat actors used the stolen accounts to send more phishing messages to the victims' friends, earning substantial revenue from online advertising commissions.
American AI-focused cybersecurity company PIXM said that the operation reached its peak in April-May 2022 but had been active since at least September 2021.
One of the phishing pages identified by the security firm contained a link to a traffic monitoring tool (whos.amung.us) that was publicly accessible without authentication, which allowed the researchers to track down the malicious actors and map the campaign.
More on the Operation
Although it is not known how the phishing operation began, PIXM claims that targets were sent to phishing landing pages through a series of Facebook Messenger redirects.
As more Facebook accounts were compromised, the cybercriminals used automated software to send additional phishing links to the friends of each affected account, resulting in a huge increase in the number of stolen accounts.
A user’s account would be compromised and, in a likely automated fashion, the threat actor would log in to that