Fake download scam steals internet passwords

Cybercriminals are launching a new scam on the internet, this time involving company pages on Facebook.

The fake download scam is a way to gain access to passwords of users who download and run programs and games offered for free.

The fraud was identified by researchers from the threat lab of the company Avast, which specializes in digital security and privacy.

According to the researchers, pages of companies around the world are being hacked to install malware (malicious program) capable of stealing passwords.

The scam works as follows: criminals buy malware on the dark web for amounts ranging from US$100 to US$150 (from R$524 to R$786). They somehow manage to invade the companies page and start to offer the download of programs and games that are on the rise.

Called a readline stealer, it works as a password stealer and is also capable of placing other malware on the user’s computer or cell phone that installs and runs the fake program.

By discovering users’ passwords, criminals can hack accounts on social networks, make purchases on websites or even withdraw and transfer money through the use of internet banking, among other scams.

According to Vojtěch Boček, the researcher who discovered the fraud, the links in the post direct the user to a file on a storage and sharing site. To get infected, you need to download the file, extract the content and run the file.

The scam came to light after Boček became suspicious of a sponsored post that appeared on his Facebook feed offering to download Adobe Acrobat Reader for free. “I was immediately suspicious as the link shown in the post preview was mediafire.com, not adobe.com,” he says.

The sponsored post presented itself as a page from the Brazilian company Viu Internet, which has been offering broadband internet services on the coast of Rio Grande do Sul for 15 years, and was being distributed because its website had been hacked.

The case caused the company to position itself on its website, informing customers about the invasion and guiding consumers to seek information and close deals through other channels.

In addition to Viu Internet, invasions of company pages were also found in Mexico, Slovakia and the Philippines. In Mexico, it is a sporting goods store whose page has 114 thousand followers. In Slovakia, a tourism website with 2,000 followers was hacked, and in the Philippines, the deed was done on a computer repair shop with 700 followers.

When contacted, Viu Internet did not take a position on the cybercriminal attack on its website. Facebook said in a statement that it invests in resources to stop fraud.

“We invest in resources to prevent hackers from accessing third-party accounts and in tools and processes for recovering accounts, as well as in educational campaigns. Keeping the people who use our platforms safe is one of our priorities”, says the text.

How do criminals break into company accounts?

According to Boček, company accounts on Facebook are hacked after criminals somehow manage to login and password, using techniques to trick administrators into passing on the information.

“Another way cybercriminals can also gain access to an account is by using login credentials they find on the darknet,” he says.

The researcher claims that it is difficult to locate the criminals, because password stealing malware is available for purchase on the dark web for values ​​considered low, which makes it difficult to identify who is behind the attacks.