Published 2020-10-05

During the Virus Bulletin 2020 conference, the Facebook security team presented a group of Chinese hackers called SilentFade. The attackers used a well-oiled scheme to achieve their goals. Thanks to a Windows rootkit, browser injections, clever scripts, and a zero-day Facebook bug, they were able to buy ads with their victims’ money.

SilentFade hacked Facebook

According to Facebook, SilentFade was active between late 2018 and February 2019. At that point, Facebook’s security teams discovered the hackers’ activity and intervened to stop it. The goal of the operation was to hijack users’ browsers in order to steal their passwords and access their Facebook accounts. Once they had access, the hackers looked for accounts whose profile contained a payment method.

Facebook users who had registered a bank card to buy Facebook ads were the ones scammed. SilentFade bought Facebook ads with their victims’ money. In just a few months, the Chinese gang managed to buy ads worth $4 million. Obviously, the adverts themselves were a trap too: behind a celebrity image were questionable websites selling equally strange products, such as slimming pills.

The social network, victim of a zero-day flaw

Facebook therefore carried out the investigation. The social network’s security team was able to trace the operation back to a Chinese company and two developers, whom the company tried to sue in December 2019. According to Facebook, the SilentFade gang started operating in 2016, and its first operations took place in China. According to Facebook’s Sanchit Karve and Jennifer Urgilez, “Hackers linked their malware to software that they offered for online download.”

Once users were infected, the SilentFade malware took control of the victim’s browser. Targeted browsers included Chrome, Firefox, Internet Explorer, Opera, Edge, Orbitum, Amigo, Touch, Kometa, and the Yandex browser. Thanks to the Facebook session cookies stored by those browsers, the hackers could access the victim’s account on the social network without having to provide any credentials.

This is where the zero-day bug comes in: to prevent users from noticing anything, SilentFade automatically turned off site notifications, chat notification sounds, SMS notifications, and email notifications. No more sound, no more picture. It is a method reminiscent of Stress Paint in 2018. According to the social network’s teams:

“This is the first time we’ve seen malware that can change notification settings. The exploitation of this notification-related vulnerability is exactly the element that alerted Facebook.”