Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims

  /     /     /  
Publicated : 22/11/2024   Category : security


Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims


Cybercriminals are using Google Docs to host a new Facebook scamming tool, which is designed to steal credentials from potential hackers who try to access other users accounts.



A newly discovered crimeware service is turning potential hackers into cybercrime victims through new Facebook hacking tools hosted on Google Drive.
The cybercriminals behind the crimeware-as-a-service (CaaS) offering are using Google Drive to host tools for scamming and phishing Facebook accounts. These tools are designed to steal credentials from people who attempt to hack other users accounts on the social network.
Several versions of these tools have been discovered on Google Drive by Blue Coat Elastica Cloud Threat Labs (BCECTL), which is now part of Symantec.
CaaS enables hackers to automate their illegal activity online. The phishing tools discovered by BCECTL are typically used to steal account information from a broad range of targets.
When they deploy this CaaS service, it becomes very easy for users to conduct cyberattacks, explains BCECTL director Aditya Sood. Common use cases include distributing malware, stealing data, targeting specific users, and conducting social engineering attacks.
As BCECTL discovered, cybercriminals are now using Facebook hacking tools to target end-users and trick them into sharing their Facebook account credentials. However, this social engineering attack has potential criminals in mind -- the tool promises victims the opportunity to hack their friends.
Its important to note this is not a hacking tool designed to exploit Facebook flaws, but rather, is a scam being sold as a service. The process involves hackers abusing the web publishing functionality included in cloud services; in this case, that service is Google Drive.
For example, one version of the tool allows an attacker send its hacker customer a Google Drive link that takes them to a Facebook Friends Account Hacker document. Before they can hack a friends account, the user has to provide their Facebook login credentials.
When their account info is entered, its sent back to the attacker-controlled domain, meaning the aspiring hackers data has been stolen. The tool continues to trick the user into thinking its securing access to their friends page, but this never happens.
Hackers primarily use CaaS to make money by selling stolen credentials on the underground market, which is one goal of the Facebook hacker tool. They can also use information from compromised cloud storage accounts, or free cloud accounts, for illegal activity.
This CaaS hack is putting enterprise account holders at risk as well. Hackers can target business users, steal their online credentials, and use them to conduct other attacks in the future.
As more businesses adopt cloud services, its an important risk to bear in mind because most people are on social media. Businesses may claim they dont allow access to social networks, but Sood notes this is unrealistic.
We are living in a world where these social networks have become part and parcel of our lives, he emphasizes, and hackers know this. Cybercriminals can abuse this information and other tools, and sell that access to users.
To prevent this type of attack from affecting enterprise users, Sood suggests IT managers educate their teams by sharing upcoming attack scenarios and how new attacks are being conducted. He also advises leaders to discourage employees from downloading unauthorized tools and using business accounts for personal use.
In the event an employee account is compromised and unwanted activity is detected, the first step is to contain the infection, he says. Managers should send emails to all affected users and their team members, informing them of the activity and telling them not to access the account.
Sood also stresses the importance of having a cloud security solution in place to mitigate the risk of CaaS threats. Its critical for IT managers to ensure they have full visibility into cloud apps.
Related Content:
Why Social Media Sites Are The New Cyber Weapons Of Choice
Malware Markets: Exposing The Hype & Filtering The Noise
HackProof Systems Challenges Hackers To Breach Server Security

Last News

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims