Cybercriminals use verified API token to generate Facebook spam comments

28 Apr 2017

Security and compliance company Proofpoint has discovered the API access token for a legitimate, verified Facebook app being used to generate comment spam on Facebook pages.

In exchange for more ‘likes’ and comments on their own timelines, users are enticed to provide the app’s access token to a third-party website, the controllers of which leverage the provided access to form a large social spam botnet.

“Social media provides a unique opportunity to directly reach large audiences,” Proofpoint digital risk vice president Dan Nadir says.

“If cybercriminals put a malicious link on a popular social media page, the attacker’s ability to reach a larger audience grows exponentially.” 

In this scheme, attackers exploit an earlier version of the Facebook API and a legitimate but outdated version of a third-party app.

Proofpoint observed an example of this activity in the social media presence of a Proofpoint customer, a major media outlet, which was the target of large spam attacks posting continuously on its Facebook page.

The media company’s Facebook page was hit with tens of thousands of comments from the botnet alone, which masqueraded as the HTC Sense Facebook app; well over half of the messages on its page have been spam.

Spam postings were able to continue for roughly eight hours before Facebook removed the account’s access.

A number of spam comments on the Facebook page in question made reference to various domains that all contained instructions on how to install the Facebook bot on individual accounts using the HTC Sense Facebook app.
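Because the spam came through a legitimate, verified app, the app's identity alone is not a useful blocklist signal; what stands out is the posting rate and the repeated links. The following is an added illustration (not Proofpoint's or Facebook's code) of how a page operator could flag such a burst from exported comment data. It assumes each comment record carries the posting application's name and a timestamp; the records below are constructed, not real Graph API output.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta
from urllib.parse import urlparse

FMT = "%Y-%m-%dT%H:%M:%S"
URL_RE = re.compile(r"https?://[^\s]+")

def find_bursts(comments, window=timedelta(minutes=5), threshold=20):
    """Return {app: time of first threshold crossing} for apps whose comments
    exceed `threshold` within any sliding `window`. Comments are keyed by the
    posting application, since the spam here came through one app's token."""
    recent, bursts = {}, {}
    for c in sorted(comments, key=lambda c: c["created_time"]):
        app = c.get("application") or "unknown"
        ts = datetime.strptime(c["created_time"], FMT)
        q = recent.setdefault(app, deque())
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and app not in bursts:
            bursts[app] = ts
    return bursts

def shared_domains(comments, app):
    """Count the domains linked from comments posted via `app`; a burst whose
    comments all point at the same domain matches the pattern described above."""
    counts = Counter()
    for c in comments:
        if c.get("application") == app:
            for url in URL_RE.findall(c.get("message", "")):
                counts[urlparse(url).netloc.lower()] += 1
    return counts

def make_sample():
    """Constructed comment records (hypothetical, not real page data)."""
    base = datetime(2017, 4, 20, 10, 0, 0)
    organic = [{"application": "Facebook for Android",
                "created_time": (base + timedelta(minutes=3 * i)).strftime(FMT),
                "message": "Great article!"} for i in range(10)]
    burst = [{"application": "HTC Sense",
              "created_time": (base + timedelta(seconds=10 * i)).strftime(FMT),
              "message": "Free likes: http://likes-bot.example/install"} for i in range(25)]
    return organic + burst

if __name__ == "__main__":
    sample = make_sample()
    for app, when in find_bursts(sample).items():
        print(f"{app}: burst at {when}, domains {dict(shared_domains(sample, app))}")
```

The window and threshold are placeholders to tune against a page's normal comment volume; the organic comments in the sample never trip the detector, while the constructed burst does within four minutes.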

“Developers often maintain legacy versions of apps to support older operating systems and hardware, opening the door to the kinds of threat we saw here, even when the apps don’t have a vulnerability to exploit that could give someone elevated access,” says Nadir.

“It raises important questions about obsolescence, upgrades, and versioning that all developers and organizations need to consider,” he adds.
