Facebook Ads Manager Targeted by New Info-Stealing Trojan
Attackers are distributing an information-stealing Trojan disguised as a PDF reader that steals Facebook and Amazon session cookies as well as sensitive data from the Facebook Ads Manager.
Mark Miller, director of enterprise security support at machine identity protection provider Venafi:
“Certificate authorities are in the business of trust; users are trained to trust a URL if they see a padlock in the address bar. Trust is a precious commodity on the Internet and attackers are more than willing to exploit it for their own personal gain.
“We’re in the middle of an intense industry push to encrypt the entire web. Unfortunately, this trend has been a double-edged sword. If a bad actor purchases a certificate from a public CA, they are essentially buying trust. Attacks like the one that target Facebook ad manager and Amazon session cookies are not uncommon.
“Trojans have been distributed by websites with certificates before, and this will continue in the future.
“During topical seasons, such as election years, we will probably see an increase in traffic pointing you to malicious ends. If anyone can buy a trusted certificate to sign their code, then we need to be extremely vigilant when visiting websites and downloading applications. Besides only focusing on a trusted certificate, users should always check that the source is known and good to the best of their ability.”
Kevin Bocek, vice president of security strategy and threat intelligence Venafi:
“The PDF reader attack uses the same techniques that powered Stuxnet — bad actors are using code signing to appear as trusted software. Organizations use code signing to decide what software can run on their machines and devices. Unfortunately, attackers can use compromised or fraudulent code signing credentials to disguise malware as a trusted program.
“It’s scary that bad actors may be targeting our elections with these methods. Unfortunately, it’s pretty likely that these attacks will become more common as the election season heats up.”
Mike Bittner, director of digital security and operations at The Media Trust:
“Bad actors are clearly expanding their arsenal with highly specialized code designed for them to profit from the planet’s most widely used platforms. They’ve crafted schemes to score simultaneously from data theft and ad fraud, exploiting unwary consumers’ visits to unknown websites and freeware downloads. The timing of this attack is expected–the holidays mark the height of consumer online searches for deals and purchases. Once the holidays are over, the data can also be parlayed for political microtargeting and other private-data-for-profit schemes.”