sb-au logo
Story image

Cybercriminals use verified API token to generate Facebook spam comments

28 Apr 2017

Security and compliance company Proofpoint has discovered the API access token for a legitimate, verified Facebook app being used to generate comment spam on Facebook pages.

In exchange for more ‘likes’ and comments on their own timelines, users are enticed to provide the app’s access token to a third-party website, the controllers of which leverage the provided access to form a large social spam botnet.

“Social media provides a unique opportunity to directly reach large audiences,” Proofpoint digital risk vice president Dan Nadir says.

“If cybercriminals put a malicious link on a popular social media page, the attacker’s ability to reach a larger audience grows exponentially.” 

In this scheme, attackers exploit an earlier version of the Facebook API and a legitimate but outdated version of a third-party app.

Proofpoint observed an example of this activity in the social media presence of a Proofpoint customer, a major media outlet, which was the target of large spam attacks posting continuously on its Facebook page.

The media company’s Facebook page was hit with tens of thousands of comments from just the botnet masquerading as the HTC Sense Facebook app; well over half of the messages on their page have been spam.

Spam postings were able to continue for roughly eight hours before Facebook removed the account’s access.

A number of spam comments on the Facebook page in question made reference to various domains that all contained instructions on how to install the Facebook bot on individual accounts using the HTC Sense Facebook app.

“Developers often maintain legacy versions of apps to support older operating systems and hardware, opening the door to the kinds of threat we saw here, even when the apps don’t have a vulnerability to exploit that could give someone elevated access,” says Nadir.

“It raises important questions about obsolescence, upgrades, and versioning that all developers and organizations need to consider,” he adds.

Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More
Story image
The SASE triangle: How a CASB protects managed apps
Enterprises that fail to adapt to the modern business world when it comes to security are likely to fall prey to data breaches and experience a host of other problems, writes Bitglass product marketing manager Will Houcheime.More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More