Scammers are still successfully tricking people into clicking on sketchy links they get sent via Facebook and WhatsApp, which gives them access to the messages, Facebook accounts and emails on their PCs and phones.
I know, right.
So, it’s not just divvies doing the clicking on the malware.
The scammers used common but sophisticated phishing antics to nick messages, call recordings, audio recordings, pics and more.
EFF technologist Cooper Quentin said in a statement : “One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realising that they contained malware.”
In this particular used-to-be-secret Dark Caracal op, the criminals used WhatsApp messages and links posted to Facebook groups to fool idiots into clicking. And, as per, when they clicked it would let spy and password grabbing malware onto their phones. In the biz, these attacks are known as waterhole attacks.
Crims work out way. Say a group of activists are hanging out and target that Facebook group that they’re trying to infiltrate and then post links to the malware. When clicked, the links would take them to a fake Facebook log in page, where, obviously, some of the folk would put in their password and username. Game over.
What should people do? Well, not click on sketchy links, not put passwords into faecbok.com/login and USE TWO FACTOR!
Here’s my wishes for the week. Take one friend you have and explain to them about two factor and set it up on one of their social accounts. Imagine if everyone did that.
Post in the comments if you helped a friend get more secure. You might win a prize*
*You probably wont win a prize.