Interviews

Social media exploited

by Mark Rowe

Crimeware tools and hacking tutorials are widely available on social media platforms. Such platforms also enable an underground economy for the trading of stolen data, such as credit card details, it’s claimed. Criminals have been quick to understand how to exploit social media to aid more traditional crime, whether social media is a vehicle to sell something or research potential victims – such as those vulnerable to online dating scams.

Dr Mike McGuire, a Senior Lecturer in Criminology at the University of Surrey, did a six-month academic study, commissioned by malware protection product company Bromium, on ‘social media platforms and the cybercrime economy‘. McGuire said: “Facebook Messenger has been instrumental in spreading cryptomining strains like Digmine. Another example we found was on YouTube, where users who clicked on adverts were unwittingly enabling cryptomining malware to execute on their devices.

“While adverts on Facebook or Instagram may look like they’re promoting Ray-Ban sunglasses or Nike shoes, they’re often more sinister and deliver malware once clicked. Cybercriminals have been quick to see how the social nature of such platforms can be used to spread malware, embedding it into posts or friends’ updates and using photo tag notifications to persuade users to open infected attachments.

“Another trend on social media has been the hijacking of trustworthy verified accounts. In one case, hackers took over the Twitter account for UK retailer Matalan and changed it to resemble Elon Musk’s profile. Tweets were then sent out asking for a small bitcoin donation with the promise of a reward. Safe to say, nobody who donated got anything in return.”

Social media is also behind the recruitment of students and others as ‘money mules’. Cryptomining sees the take-over of web browsers on a computer or mobile device, to launch malicious attacks and “mine” forms of online money while remaining hidden to the user. Four of the top five global websites hosting cryptomining code are social media platforms, McGuire suggests.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing