India, Indonesia and Malaysia were among the top 10 countries globally to have been hit by the greatest number of malware attacks by the SilentFade group last month, according to cyber security vendor Kaspersky.
As reported by sister publication CSO, Facebook discovered the SilentFade malware family towards the end of 2018, with its origins traced back to 2016.
The SilentFade group initially made use of a combination of a Windows Trojan, browser injections, clever scripting, and a bug in the Facebook platform to deploy its malware.
The purpose of SilentFade's activities was to infect users with the Trojan, hijack the users' browsers, and steal passwords and browser cookies so they could access Facebook accounts.
Once access was gained, the group searched for accounts that had any type of payment method attached to their profile. For these accounts, SilentFade bought Facebook ads with the victim's funds.
The gang, whose name is a shortened term for “Silently running Facebook Ads with Exploits,” is responsible for defrauding Facebook users of more than US$4 million. Now, it appears that one of the latest hotspots for the gang’s exploits is Southeast Asia, a region that previously did not feature prominently in this malware group’s activities, according to Kaspersky’s data.
The security vendor said that its researchers had spotted significant growth in the malware used by SilentFade, with the greatest number of incidents over the month of January detected in India, Brazil, Indonesia, Italy, Germany, Algeria, Malaysia, Russia, France and Egypt.
Last year, Kaspersky’s telemetry did not detect SilentFade’s presence in Southeast Asia. According to the company, the picture changed in January this year, when the region witnessed a rapid spread of this malware, with a total of 576 incidents.
Aside from 221 and 137 detections in Indonesia and Malaysia, respectively, the Philippines logged 96 cases, Vietnam had 71, Thailand weathered 27 and Singapore claimed 24.
“Our monitoring showed the SilentFade campaign never stopped,” Kaspersky security expert Anton Kuzmenko said. “They are just doing what they did and now we are facing the growth of their activity.
“Their idea and methods remain the same with some changes. Now they also spread downloader, which can spread and download other, more dangerous, malware. Detected files are similar to older versions detected which our industry peers have found links with an alleged Chinese company.
“In terms of distribution, there is a possibility that someone has sold the malware source codes, the gang itself are selling the rootkits, or the codes may have been leaked,” he added.
Kaspersky Southeast Asia general manager Yeo Siang Tiong cautioned local social media platform users to take care when using such platforms.
“Threats on these platforms should be taken seriously in Southeast Asia given the region’s high internet and social media adoption,” Yeo said. “Five out of the six countries here spend more than seven hours online in 2020, and 69 per cent of the region’s total population are active social media users, the highest percentage among all sub-regions in Asia Pacific.”
The rise of advertisements across social media platforms has resulted in a treasure trove of financial credentials, which represent a lucrative target for cybercriminals like SilentFade, according to Yeo.
“We urge all users from the region to boost their account’s security through multi-factor authentication, strong passwords, robust solutions, and a lot of vigilance,” he said.