French Facebook mobile users have been targeted by a “clickjacking” cyber attack. The cyber security researcher Lasq discovered that the malicious campaign posts the clicked link on the user’s wall without authorization.
Facebook has been targeted by a “clickjacking” cyber attack: a malicious campaign that posts the clicked link on the user’s wall without authorization. It was discovered by a Polish cyber security researcher named Lasq. It exploits a vulnerability in the mobile version of the social media platform to spread spam. The threat actor was Polish and the targets were French users. The cyber expert started to analyze the campaign after noticing that many of his friends had published a link to a website with funny pictures. Before reaching the actual content, users had to declare that they were at least 16 years old. “After you clicked on the button, you were indeed redirected to a page with funny comic (and a lot of ads),” Lasq wrote on his blog. “However in the meantime the same link you just clicked appeared on your Facebook wall.”
The social media company downplayed the issue, but improved its detection system. Threats like this could let malicious actors spread malware documents or phishing sites on the platform, using influencers and famous people as a vector.
The cyber security researcher reported the “clickjacking” cyber attack to the Facebook Bug Bounty program. The social media company declined the report, stating that for the action to be considered a security issue, it must allow an attacker to somehow change the state of the account (for example, disable security options or remove the account). According to ZDNet, however, last week it improved the clickjacking detection system on its mobile platform. Even so, worm-like threats of this kind are very dangerous. Bad actors such as cyber criminals or state-sponsored hackers could very quickly spread malware documents or phishing sites, using famous people or influencers with thousands of followers as a vector.