Mumbai: Kaspersky warned Indian users of an old social media campaign spreading malware from 2016 by a Chinese SilentFade gang that has resurfaced this year. The warning comes at a time, when the world is celebrating Safer Internet Day on February 9.
The SilentFade gang is known to utilize a combination of Windows trojan, browser injections, clever scripting, and a bug in the Facebook platform. That makes a very sophisticated and rare modus operandi to target Facebook’s users.
Back in 2016, the purpose of SilentFade’s operations was to infect users with the trojan, hijack user’s browsers, and steal passwords and browser cookies so as to access their Facebook accounts. Once the cybercriminals had access, the group searched for accounts that had any type of payment method attached to their target’s profile.
For these accounts, SilentFade bought Facebook ads with the victim’s funds. Then the cybercriminals start promoting their ads through the Facebook advertising platform.
Despite operating only for a few months, Facebook revealed that the group managed to defraud infected users of more than $4 million, which they used to post malicious Facebook ads across the social network.
Facebook also said SilentFade was part of a larger trend and a new generation of cybercrime actors that appear to reside in China and have persistently targeted its platform and user base.
Kaspersky experts have recently recorded Frank rootkit and after having it analyzed, they found out that it has many similarities to the social media malware campaign run by the SilentFade gang.
According to Kaspersky’s analysis, India ranks first with 603 infections in the last month, on the list of infected countries by this rootkit. Brazil (255 infections) and Indonesia (221) followed at second and third position. The social media malware -based cyberattack very sophisticated in nature. It can easily spread across countries and regions and can infect a huge number of devices as well as cause monetary losses.
This Safer Internet Day, Kaspersky encouraged the Indian internet users to think about the technology you use and how you can take steps to make your usage more secure, and the job of the bad guys more difficult.
Here are some Internet safety rules to follow to help you avoid getting into trouble online:
1.Keep Personal Information Professional and Limited: Potential employers or customers don’t need to know your personal relationship status or your home address. They do need to know about your expertise and professional background, and how to get in touch with you. You wouldn’t hand purely personal information out to strangers individually—don’t hand it out to millions of people online.
2.Keep Your Privacy Settings On: Marketers love to know all about you, and so do hackers. Both can learn a lot from your browsing and social media usage. But you can take charge of your information. As noted by Lifehacker, both web browsers and mobile operating systems have settings available to protect your privacy online. Major websites like Facebook also have privacy-enhancing settings available. These settings are sometimes (deliberately) hard to find because companies want your personal information for its marketing value. Make sure you have enabled these privacy safeguards, and keep them enabled.
3.Practice Safe Browsing: You wouldn’t choose to walk through a dangerous neighbourhood—don’t visit dangerous neighbourhoods online. Cybercriminals use lurid content as bait. They know people are sometimes tempted by dubious content while searching and may let their guard down. The Internet’s demimonde is filled with hard-to-see pitfalls, where one careless click could expose personal data or infect your device with malware. By resisting the urge, you don’t even give the hackers a chance.
4.Make Sure Your Internet Connection is Secure: Use a Secure VPN Connection: When you go online in a public place, for example by using a public Wi-Fi connection, PCMag notes you have no direct control over its security. Corporate cybersecurity experts worry about “endpoints”—the places where a private network connects to the outside world. Your vulnerable endpoint is your local Internet connection. Make sure your device is secure, and when in doubt, wait for a better time (i.e., until you’re able to connect to a secure Wi-Fi network) before providing information such as your bank account number.
5.Be Careful What You Downloads and Clicks: Cybercriminals ‘ top goal is to trick you into clicking malicious links and downloading malware — This link can be shared with you on social media platforms, emails, etc and can endanger your private data and devices.
6.Choose Strong Passwords: Passwords are one of the biggest weak spots in the whole Internet security structure, but there’s currently no way around them. And the problem with passwords is that people tend to choose easy ones to remember (such as “password” and “123456”), which are also easy for cyber thieves to guess. Select strong passwords that are harder for cybercriminals to demystify. Password manager software can help you to manage multiple passwords so that you don’t forget them. A strong password is one that is unique and complex—at least 15 characters long, mixing letters, numbers and special characters.
7.Make Online Purchases From Secure Sites: Any time you make a purchase online, especially through ads on social media platforms, you need to provide credit card or bank account information—just what cybercriminals are most eager to get their hands on. Only supply this information to sites that provide secure, encrypted connections. You can identify secure sites by looking for an address that starts with https: (the S stands for secure) rather than simply http: They may also be marked by a padlock icon next to the address bar.
8.Be Careful What You Post: The Internet does not have a delete key. Any comment or image you post online may stay online forever because removing the original (say, from Twitter) does not remove any copies that other people made. There is no way for you to “take back” a remark you wish you hadn’t made, or get rid of that embarrassing selfie you took at a party. Don’t put anything online that you wouldn’t want your mom or a prospective employer to see.
9.Keep Your Antivirus Program Up To Date: Internet security software cannot protect against every threat, but it will detect and remove most malware—though you should make sure it’s to date. Be sure to stay current with your operating system’s updates and updates to applications you use. They provide a vital layer of security.