Would You Like Malware with Your Grumpy Cat Meme?

iStock-648325934-malware-300x169Social media companies like Facebook and Twitter have written “white papers” and devoted considerable resources to projects intended to create services that encourage trust and a sense of familiarity on the part of users. Messages, photos and personal information are easily shared with groups of friends and co-workers, or in response to solicitations tailored to a user’s trusted brands, thus creating an environment of perceived safety and intimacy among users. However this communal atmosphere can be, and often is, exploited by “black hat” hackers and malware that lurk behind a façade of trust. In its April 27, 2017 White Paper entitled “Information Operations and Facebook,” and its September 6, 2017 “An Update on Information Operations on Facebook,” the company noted that there are, “three major features of online information operations that we assess have been attempted on Facebook.” Those features include: (1) targeted data collection such as hacking or spearfishing; (2) content creation including the creation of false personas and memes; and (3) false amplification by creating false accounts or using bots to spread memes and false content which, in turn sow mistrust in political institutions and spread confusion. Ironically, these techniques used to spread “fake news” and malware designed to amplify divisive social and political messages, are enhanced and made effective by the very environment of trust cultivated by social media sites.

For example, although Facebook and other social media providers devote considerable resources to scrub the service of scams and pornography, “black hat” hackers have adopted a technique of “cloaking” malicious content by using AI to display a benign site to reviewers while redirecting users who click the same link to a different site altogether. Often the redirect is to offers of services and items not permitted by Facebook’s rules, or to “clickbait” that entices the user to select a link that installs malware on the unsuspecting user’s computer.

Other attacks on social media include “waterhole attacks” where hackers plant malware on websites frequented by groups of affiliated users in order to infect these users’ devices and computers with malware designed to spread quickly throughout the victims’ working (or home) data environment, and, having done so, collect data and access codes.

In the Syrian conflict, rebels reportedly set up fake social media sites appearing to belong to female supporters. The false sites would request photos from the state fighters and respond with (fake) photos of young women containing malware designed to infect the fighters’ network and to capture personal and tactical information once downloaded.

Other techniques used to infiltrate computing environments and steal data include:

  • Likejacking – where fake “like” buttons are used to install malware;
  • Fake apps – that trick users into installing phony apps that steal access credentials;
  • Fake plug-ins – designed to induce users to install browser “updates” which, in fact, are designed to steal propriety information stored on connected computers.

The latest revelations involving Cambridge Analytica raise the stakes even higher. It’s important to remember that most “innovations” in the weaponization of information use and misuse really are old tricks applied in new ways. As social networks become a hub for delivery of news, entertainment and even communication services designed for consumers, they also have become an often permanent tool used by hackers and social engineers intent on misappropriating personal information and business secrets. As such, it’s important to keep apprised of and alert for “older” methods of misbehavior even as newer techniques are revealed.

Or, to quote President Ronald Reagan, “Trust, but verify.”