
A new global phishing campaign, dubbed “Meta Mirage,” has been uncovered. It impersonates Meta Business Suite to target businesses and is specifically designed to hijack high-value accounts, including those used for advertising management and official branded pages.
Researchers at CTM360 report that the attackers behind Meta Mirage impersonate official Meta communications to trick users into handing over sensitive details such as passwords and one-time passcodes (OTPs).
The scale of the operation is significant: researchers have already identified more than 14,000 malicious URLs, roughly 78% of which were not yet being blocked by browsers at the time the report was published.
The criminals host their fake pages on trusted cloud platforms such as GitHub, Firebase and Vercel, which makes the scams harder to spot. This aligns with recent findings from Microsoft on similar abuse of cloud hosting services: attackers frequently leverage trustworthy platforms to avoid detection.
The attackers send fake alerts about policy violations, account suspensions, or urgent verification requirements. These messages are delivered by email and direct message and are persuasive because they mimic official communications from Meta and typically appear urgent and authoritative. The tactic mirrors a recent Google Sites phishing campaign, which used legitimate-looking Google-hosted pages to deceive users.
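The two observations above (lure pages hosted on GitHub, Firebase and Vercel; lures themed around policy violations and account verification) translate directly into a triage heuristic for proxy or mail-gateway logs. The Python below is an added example, not CTM360's or Meta's tooling: it flags URLs that are not on a Meta-owned domain, are served from a free-hosting suffix, and carry Meta brand or lure keywords in the host or path. The Meta domain list, the hosting suffixes (GitHub Pages uses *.github.io, Firebase uses *.web.app and *.firebaseapp.com, Vercel uses *.vercel.app), the keyword lists and the sample log lines are assumptions constructed for illustration.

```python
"""Triage URLs for likely Meta-brand phishing hosted on trusted cloud platforms.

Added example, not CTM360's or Meta's code. Domain lists, keyword lists and
the sample log are assumptions chosen for illustration.
"""
import re
from urllib.parse import urlparse

# Registrable domains treated as legitimately Meta-owned (assumed list).
META_DOMAINS = {"facebook.com", "meta.com", "fb.com", "instagram.com", "messenger.com"}

# Free-hosting suffixes of the platforms the report names as abused.
ABUSED_HOST_SUFFIXES = (".github.io", ".web.app", ".firebaseapp.com", ".vercel.app")

# Brand words and lure words drawn from the campaign's themes (assumed lists).
BRAND_WORDS = ("meta", "facebook", "fb", "business", "ads")
LURE_WORDS = ("appeal", "policy", "violation", "verify", "suspend",
              "restrict", "security", "checkpoint")

# Constructed proxy-log lines (timestamp, client, method, URL); not real traffic.
SAMPLE_PROXY_LOG = """\
2025-05-01T09:12:03Z 10.0.0.12 GET https://business.facebook.com/latest/home
2025-05-01T09:13:41Z 10.0.0.12 GET https://meta-business-appeal.github.io/policy/verify.html
2025-05-01T09:14:10Z 10.0.0.33 GET https://facebook.com.security-checkpoint.web.app/login
2025-05-01T09:15:55Z 10.0.0.33 GET https://account-verify.vercel.app/index.html
2025-05-01T09:16:20Z 10.0.0.41 GET https://example.org/docs
"""


def registrable_domain(host):
    """Naive last-two-labels heuristic; a real deployment should use the
    public suffix list so that e.g. co.uk-style suffixes are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage_url(url):
    """Return {'url', 'verdict', 'signals'} for one URL.

    Verdicts: legit-meta (Meta-owned registrable domain), likely-phish
    (brand keyword plus free hosting or a lure keyword), review (any single
    signal), clean (no signal).
    """
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()

    # Only the registrable domain counts: "facebook.com.evil.web.app" is not Meta.
    if registrable_domain(host) in META_DOMAINS:
        return {"url": url, "verdict": "legit-meta", "signals": []}

    signals = []
    free_host = next((s for s in ABUSED_HOST_SUFFIXES if host.endswith(s)), None)
    if free_host:
        signals.append("free-hosting:" + free_host.lstrip("."))

    # Split host and path into alphabetic tokens so "meta-business-appeal" matches.
    tokens = set(re.findall(r"[a-z]+", host + "/" + path))
    brand = sorted(w for w in BRAND_WORDS if w in tokens)
    lure = sorted(w for w in LURE_WORDS if w in tokens)
    if brand:
        signals.append("brand:" + ",".join(brand))
    if lure:
        signals.append("lure:" + ",".join(lure))

    if brand and (free_host or lure):
        verdict = "likely-phish"
    elif signals:
        verdict = "review"
    else:
        verdict = "clean"
    return {"url": url, "verdict": verdict, "signals": signals}


def triage_proxy_log(log_text):
    """Run triage_url over every well-formed line; the URL is the 4th field."""
    results = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        results.append(triage_url(fields[3]))
    return results


if __name__ == "__main__":
    for r in triage_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{r['verdict']:13} {r['url']}  {' '.join(r['signals'])}")
```

On the constructed log the first URL is classified as legitimate Meta traffic, the two lines that combine a brand keyword with free hosting (one of them with "facebook.com" as a deceptive subdomain) come out as likely-phish, the generic "account-verify" page on Vercel is left for review, and the unrelated site is clean. Keyword heuristics of this kind produce false positives on legitimate third-party tooling, so treat the output as a hunting lead rather than an automatic block decision.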
Two main methods are used.
Credential harvesting: Victims enter their password and OTP into realistic-looking fake websites. The attacker then deliberately shows a fake error message so that the user re-enters the details, which confirms that the stolen credentials are accurate and usable.
Cookie theft: The scammers also steal session cookies from victims' browsers, which lets them keep accessing the compromised accounts without a password. A valid session cookie also sidesteps the 2FA prompt, which is why reviewing active sessions matters.
Compromised accounts do not only harm the individual business; they are often used to run malicious ad campaigns, amplifying the damage. This mirrors the tactics seen in PlayPraetor malware campaigns, where hijacked social media accounts were used to distribute fraudulent ads.

The CTM360 report also describes the structured, calculated approach attackers use to maximize effectiveness. Victims are first contacted with mild, non-threatening notifications that gradually escalate in urgency and severity. Initial notices may refer to a general policy violation, while later messages warn of imminent suspension or permanent deletion of the account. This progressive escalation creates anxiety and pressure, pushing users to act quickly without verifying whether the messages are genuine.
To protect against this threat, CTM360 recommends:
- Manage business social media accounts only from official devices.
- Use a dedicated, business-only email address.
- Enable two-factor authentication (2FA).
- Review account security settings and active sessions regularly.
- Train staff to recognize and report suspicious messages.
This wide-reaching phishing campaign underscores the importance of vigilance and proactive security measures for protecting valuable online assets.