• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Taking over millions of developers exploiting an Open VSX Registry flaw

 | 

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Security
  • Social Networks
  • Cybercriminals Leveraging Facebook Report

Cybercriminals Leveraging Facebook Report

Pierluigi Paganini July 14, 2013

Cybercriminals Leveraging Facebook is the title of  a research that provided evidence that criminal organizations are exploiting Facebook for illegal activities.

Cybercriminals Leveraging Facebook, this is the title of an interesting research conducted by Eric Feinberg, Ian Malloy and Frank Angiolelli that provided evidence of the existence of highly organized criminal networks that are exploiting the popular social network for illegal activities.
Malicious actors and cybercriminals are now leveraging social media as a mass distribution system for advertising counterfeit consumer goods through Facebook and infecting computers to become part of a botnet, or ring of malicious acting computers operating through a remote mechanism.
This activity is trafficking in goods using counterfeit trademarks, leveraging insecure transport for Personally Identifiable Information and utilizing dubious payment processors. The activity is growing to include money mule recruitment and “loan origination” as well as operating under a Chinese and Russian Business Network banner.
The scope of the fraud described in the “Cybercriminals Leveraging Facebook” report are various, following a list of most common
  • Counterfeit merchandise
  • Payday Loans
  • Facebook sites with redirectors
  • Suspected Money Mule Recruitment
  • Counterfeit NFL Jerseys
  • The installation of remote control capabilities, i.e. a zombie computer or ‘bot’
The “Cybercriminals Leveraging Facebook” study laid out evidence that this “system” appears highly organized including creation, masking and distribution system utilizing a definable pattern of replication. These actors are exploiting weaknesses in Facebook API to expose mass numbers of unsuspecting citizens to counterfeit merchandise advertisements per fake profiles.  The mechanism by which the malicious actors are intruding and avoiding detection is through the use of Facebook’s graph API.
In addition, these actors are creating advertisements which are using Facebook’s ad distribution to present their sites across thousands of groups, more specifically fan pages related to professional sports.
The “Cybercriminals Leveraging Facebook” paper documented the organized and distributed network these actors are using, the clearly identifiable patterns and the need for a detection mechanism, following main techniques discussed in the analysis:
Fake User Profiles – These malicious actors are creating Facebook profiles using fictitious names and a methodology following a distinctive pattern. The actors are creating profiles using the most basic settings and mass joining public groups. The number of groups joined ranges from approximately 100 to 400+ per profile and in virtually all cases, the user has never posted anything on their timeline. Using these groups, the “advertisement” posts reach upwards of 300,000 people per fake profile
Cybercriminals Leveraging Facebook fake profiles

 

The Posts for Counterfeit Merchandise – Once the account is created, it joins hundreds of groups and posts ads. The pattern for the posts these fake profiles are proliferating consist primarily of a sales pitch, a website link containing various domains primarily made up from .tk websites without canonical references followed by a picture of the supposed merchandise to be sold.

Using the Russian Business Network as an Intermediary – These actors are using Russian Business Network IP addresses as intermediaries to host the .tk redirectors. This technique is being used as an evasion tactic to prevent easy discovery and blocking of the offending counterfeit merchandise website.

Cybercriminals Leveraging Facebook RBN

Mass Redirection Using .tk Websites – The actors create multiple redirectors hosted on the same IP address over time

The researchers proved that cybercriminals adopted method of replication being used here is replicated over multiple domains, with multiple redirectors. They also identified the pattern followed by the counterfeit merchandise websites despite they use to rotate domain, hosting, registrar and geo-location, distinct patterns exist across all the websites being distributed centered primarily against the actual content.

FoeI suggest the reading of the interesting white paper ….

Pierluigi Paganini

(Security Affairs – Facebook, Cybercrime, Cybercriminals Leveraging Facebook Report )


facebook linkedin twitter

botnet Cybercrime Facebook personally identifiable information Russian Business Network social media social networks

you might also like

Pierluigi Paganini June 27, 2025
Taking over millions of developers exploiting an Open VSX Registry flaw
Read more
Pierluigi Paganini June 27, 2025
OneClik APT campaign targets energy sector with stealthy backdoors
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Taking over millions of developers exploiting an Open VSX Registry flaw

    Hacking / June 27, 2025

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

    Cyber Crime / June 26, 2025

    Cisco fixed critical ISE flaws allowing Root-level remote code execution

    Security / June 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT