In recent months, there have been several cyberespionage cases in different countries that used Facebook as the means of contact. Meta took action against the groups behind them, which led to interesting discoveries about these hackers' working methods, published in its Quarterly Adversarial Threat Report. Read the details in the following lines!
Meta takes action against the group Bitter APT
According to the Facebook parent company, Bitter APT is a group of hackers with “persistent and well-resourced” members. Although little is known about the individual hackers or the specifics of the group, Meta believes that it operates from East Asia; its origin remains a mystery to date.
“Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware,” Meta said in its report. “They used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware.”
The group’s targets have been spread across countries such as New Zealand, India, Pakistan, Bangladesh, and the U.K. The method is simple, yet these cybercriminals are remarkably effective at deceiving their targets. On Facebook, they impersonate a beautiful woman who, after gaining the target’s trust through a series of conversations, invites the target to download a chat app.
The interesting and novel part is that they use Apple TestFlight to distribute their iOS chat app. As a result, very few targets distrusted the link or the app, since TestFlight is a legitimate service used for beta-testing new apps and giving their developers feedback on functionality and other details.
“This meant that hackers didn’t need to rely on exploits to deliver custom malware to targets and could utilize official Apple services to distribute the app in an effort to make it appear more legitimate, as long as they convinced people to download Apple Testflight and tricked them into installing their chat application,” Meta’s team said.
The final functions of the app are not known with certainty, only that it is suspected of being used to closely monitor targets through chat rooms with these “beautiful girls” they met through Facebook. From what has been seen, the app is designed specifically for this.
This group is also associated with the Android malware known as Dracarys. According to The Hacker News, this malware “abused the operating system’s accessibility permissions to install arbitrary apps, record audio, capture photos, and harvest sensitive data from the infected phones such as call logs, contacts, files, text messages, geolocation, and device information.”
Finally, Meta knows that the group takes great care to avoid being tracked, posting broken links, QR codes, or images with hyperlinks. More details about Bitter APT are expected soon. For now, it only remains to applaud the work of Meta’s researchers, who work every day for better use of their platforms.