Facebook has become a favorite place for attackers preying on naive members of the Internet community. Therefore , the Cybernews publication conducted its investigation by analyzing the method of video phishing using video “It’s you?”. The attack model is quite simple – the hacker posed as a friend of the victim and sent a fake video with the signature “It’s you?”. By clicking on the video, the user got to the site where he had to enter personal data, which then fell into the hands of the attacker.
Recently, Cybernews researchers were rewarded for their attempts to unravel the fraudulent network when they received a warning from a colleague Aidan Rainey that malicious links were being sent to users. During further investigation, it turned out that thousands of phishing links were distributed through a complex network covering the internal channels of the popular social media platform. If the researchers had not taken action, the victims of fraudsters could have become much more than half a million.
In his statement, Rainey said that he found out the purpose of the fraudsters’ servers, where the code is located and was able to figure out how to identify additional servers. The researcher used this information and the website urlscan.io to search for other phishing links, and then passed the data to Cybernews.
After carefully examining the servers associated with phishing links, Cybernews researchers found a page transmitting credentials to devsbrp.app. There was found a banner with the inscription “panelfps by braunnypr” attached to the control panel.
Repeated keyword search brought a group of researchers directly to the developer of the panel and banner. After learning his email address and password options, the researchers gained access to a website that turned out to be the command and control center for most phishing attacks. This allowed us to obtain information about the perpetrators of the phishing scam on Facebook and transfer it to the CERT of the Dominican Republic, where the fraudulent campaign began.