Three different malign actors utilized hundreds of fictitious Facebook and Instagram accounts to target individuals in South Asia. Meta noted each APT relied on social manipulation to trick users into clicking on malicious links or sharing personal information. Relying on social engineering indicated the actors did not invest in malware capability. The fake accounts pretended to be lustful women, recruiters, journalists, or military personnel to convince users to do their bidding.

One Pakistan-based APT Meta linked to the campaign utilized 120 accounts on Facebook and Instagram to infect Indian military and Pakistan Air Force personnel with GravityRAT. Another APT called Bahamut targeted government and military personnel in Pakistan and India with Android malware disguised as VPN apps. An Indian-based threat actor called Patchwork was also caught uploading malicious apps to the Play Store to harvest data from users across South Asia. Meta also discovered six adversarial networks in various countries which conducted coordinated behavior on Facebook and other social platforms. Two of these networks originated in China and operated accounts that targeted users in Taiwan and the Uyghur community. Meta stated in took down the operations before they built a following, and discovered an association between one network and the Chinese IT firm Xi’an Tianwendian Network Technology.

Read More:

https://thehackernews.com/2023/05/meta-uncovers-massive-social-media.html