Ad phishing is becoming common throughout the world, and the number of people affected is increasing day by day. According to ThreatNix, a Nepal cybersecurity firm, more than 100 users per minute are found to be affected. More than 6.15 lakh Facebook accounts from at least 50 countries were trapped by exploiting pages hosted on the open-source repository service GitHub.
What is phishing?
Phishing is a way of illegally gaining access to data. Phishers get that access through the scam messages they send to people. When users fall for the scam by opening those messages or emails, their data is compromised. It is a long-standing and growing form of cyber-attack that gathers personal information using deceptive emails and websites.
The first phishing campaign was found through a sponsored Facebook post. The post offered 3GB of mobile data from Nepal Telecom. Once people clicked through the post, they were redirected to the phishing site hosted on GitHub Pages. The phishing site was hard to tell apart from the genuine one, since the page had a profile picture and name similar to those of Nepal Telecom.
The cybersecurity firm also said that it saw similar Facebook posts targeting Facebook users in several places, such as Tunisia, Egypt, the Philippines, Pakistan, Norway and Malaysia. The ad phishing campaign uses localized Facebook posts, spoofs legitimate entities and targets its ads at specific countries. Links within these posts redirect to a static GitHub Pages website, which contains a login panel for Facebook.
Researchers noted that the credentials phished on the static GitHub pages are forwarded to two endpoints: a Firestore database and a domain owned by the phishing group. They also discovered almost 500 GitHub repositories containing phishing pages. All these GitHub repositories were found to be part of the same phishing campaign.
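The traits described above (a static GitHub Pages host, a Facebook login panel served off Facebook's own domain, and a Firestore endpoint) can be turned into a simple triage check for URLs reported by users. The following is an added example, not code from ThreatNix or from the original report; the `github.io` and `firestore.googleapis.com` host names, the function names and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class PageScan(HTMLParser):
    """Collects a password-field flag and all text (inline scripts included)."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password_field = True

    def handle_data(self, data):
        self.text.append(data)

def assess(url, html, brand="facebook", brand_domains=("facebook.com",)):
    """Return the campaign traits seen on one already-fetched page."""
    host = (urlparse(url).hostname or "").lower()
    scan = PageScan()
    scan.feed(html)
    scan.close()
    body = " ".join(scan.text).lower()
    on_brand = any(host == d or host.endswith("." + d) for d in brand_domains)
    findings = []
    if host.endswith(".github.io"):        # assumed GitHub Pages host suffix
        findings.append("static-hosting")
    if scan.has_password_field and brand in body and not on_brand:
        findings.append("brand-login-off-domain")
    if "firestore.googleapis.com" in body:  # assumed Firestore API host
        findings.append("firestore-reference")
    return findings

# Constructed sample page for illustration; not taken from the campaign.
SAMPLE_URL = "https://placeholder-user.github.io/offer/"
SAMPLE_HTML = """<html><head><title>Log in to Facebook</title></head><body>
<form><input type="text" name="email"><input type="password" name="pass"></form>
<script>var store = "https://firestore.googleapis.com/v1/projects/PLACEHOLDER";</script>
</body></html>"""

if __name__ == "__main__":
    print(assess(SAMPLE_URL, SAMPLE_HTML))
```

A page showing all three traits is a strong candidate for a takedown report; any single trait on its own is common on legitimate sites and should only raise priority for manual review.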
Neither Facebook nor GitHub has yet commented on this report.
ThreatNix is working with several authorities on taking down the phishing infrastructure. Facebook is also taking measures so that ads for this kind of phishing page are not approved. In this case, the phishers first got their ads approved by Facebook and only afterwards modified their pages into phishing sites.