Check your phone! Surveillance firm accused of spoofing Facebook to spread spyware

May 22, 2020

By Kim Komando

You might think malware is the kind of thing you only run into while visiting the seedier parts of the web. Mainstream websites, you tell yourself, wouldn’t have the same kind of risks as the Dark Web or free movie websites, right? Well, you’d be half right. Mainstream sites are usually safe — as long as the ones you’re visiting are the real deal.

The most dangerous phishing schemes and hacks on the internet make extensive use of fake websites to claim their victims. And the more convincing the fake, the more credit card numbers, email addresses and passwords the scammers can steal.

And now, you can count Facebook in the ranks of websites being impersonated. Only this time, it’s not hackers behind the operation but a foreign surveillance firm. If you made the mistake of visiting this Facebook lookalike, you could have had dangerous spyware installed on your device. Here’s how it happened.

I spy with my little eye

According to Vice’s Motherboard, NSO Group, the controversial Israeli company that sold its spying products to the killers of journalist Jamal Khashoggi, created a web domain that impersonated Facebook’s security team.

Visitors to the fake Facebook domain would be enticed to click links that would install a particularly dangerous variety of spyware called Pegasus. This software, also created by NSO Group, targets iPhone and Android devices alike. Once installed, it can steal texts and social media posts, as well as track your location and remotely activate the camera and mic.

This shocking revelation came from an anonymous former NSO Group employee, who provided the malicious IP address and DNS records to Motherboard. During 2015 and 2016, 10 different innocent-looking domains resolved to that IP address, including some convincing fakes like a FedEx package tracker.

Ultimately, the operation appears to have been cut short. Facebook obtained this IP and several others during a crackdown on fraudulent domains in late 2016.

Curiously, Facebook is still in a public legal battle with NSO Group due to its alleged exploitation of a vulnerability in WhatsApp. What the heck are these guys up to, anyway?

Spies and lies

NSO Group is one of several “private contractors” that can be hired as personal investigators or private intelligence firms. These entities tend to charge significant amounts for their work and are often employed by wealthy and powerful people to spy on enemies or dissidents.

NSO Group has been accused of aiding the Saudi Arabian government in the murder of journalist Jamal Khashoggi through the use of Pegasus malware specifically. NSO Group denies that their technology has been used (or can be used) on devices with American phone numbers.

Because of the VIP status of both NSO’s clients and victims, you probably don’t have to worry about being spied on by the Pegasus malware. And on the off chance you did fall for a phishing scheme, the group is probably not interested in what you’re doing or what you have to say.

You don’t pay a company like this hundreds of thousands of dollars to spy on random people’s internet history, after all. Unless you’re a dissident journalist, an expatriate, a political radical, a head of state, or a billionaire, you’re most likely off NSO Group’s radar.

The real danger on Facebook

Just because you don’t have to worry about foreign spies doesn’t mean you’re totally safe on Facebook. More so than malicious hackers and scammers, disinformation and dishonest actors are some of the biggest problems plaguing the platform.

Since the debut of the debunked Plandemic documentary, numerous verified doctors have put out false or misleading information about the status of masks or vaccines in relation to COVID-19. Many of these doctors appear to be interested in building social media followings or selling products, as the science doesn’t back up what they’re peddling.

This misinformation ecosystem makes it even easier for scammers to take advantage of users who may be confused by all the noise. But thankfully, Facebook isn’t just standing by idly this time.

Facebook Messenger will send warnings when it detects possible impersonation.
Source: Facebook Newsroom

According to Engadget, Facebook Messenger will now be alerting users when they’ve interacted with accounts suspected to be impersonators or scams. Facebook also hopes this tool may be useful in curbing the habits of online predators, who rely on impersonation to gain the trust of young people online.

Of course, Facebook wouldn’t even need to be doing this if fake accounts weren’t such an issue in the first place.

Between fake accounts and fake pages for Facebook itself, it almost feels dangerous to use the platform in general. But once again, these schemes are only effective if you fall for their tricks. If you’re skeptical, cautious and avoid getting cozy with strangers online, you can use the internet without fear. Just be careful what you click on.

https://www.komando.com/tips/cybersecurity/fake-facebook-spyware/