
SilentFade

Posted: October 6, 2020

SilentFade is spyware that collects Facebook account credentials for facilitating the non-consensual display of corrupted advertisements. This threat uses semi-innovative obfuscation techniques for hiding itself and often installs through a bundle with other, illegally-downloaded software. Users should curate their download behavior for risky files and let dedicated anti-malware tools handle the removal of SilentFade software.

The Not-So-Silent Advertisements Getting into Your Facebook

Hijacking social networking accounts remains very profitable to threat actors and warrants a potentially significant expenditure of programming resources. SilentFade, a Facebook hijacker and spyware threat whose Chinese group has ties to the Stresspaint campaign, shows just how much criminals are willing to invest in making money the 'wrong' way. This multi-purpose data collector uses creative means of funneling victims towards scam product purchases while hiding itself from security tools.

SilentFade's campaign is supposedly shut down but may still circulate installers through known methods like bundling with Potentially Unwanted Programs (PUPs) or pirated software, such as the CorelDRAW Graphics Suite. The primary component of SilentFade that drops with the download may or may not be a Windows service and initially targets the user's Facebook cookies and other credentials. The intention is to use this data, which it transfers to the threat actor's C&C server, for taking over the account and making it display unsafe advertisements.

What Else Chinese Spyware Has in Store for Social Platforms

SilentFade is far from low-effort software, and its threat actor, traced back to the Chinese company ILikeAd Media International, places more than the minimum of effort into its programming. The spyware disguises its networking activity by geo-locating the accounts' owners and matching their location, blocks itself out of Virtual Machines, and stops notifications that could alert victims. Even the advertising content shows signs of obfuscation, with dynamic landing pages and other techniques dodging around ad-reviewing processes.

Facebook has since patched bugs and vulnerabilities related to SilentFade's campaign and taken action against it in the hope of terminating future attacks and ongoing advertisements. However, users could still be at risk, and the threat actor's prior experience with Stresspaint indicates long-term interests that aren't likely to flag with mere legal intervention. Malware experts continue pointing out the links between pirated or illicit content and Trojans and other threats, which endanger users who seek something expensive for free.

Like any other Windows threat, SilentFade should be flagged and removed by compatible security solutions, which are preferable for disinfecting compromised systems. Users should also consider changing passwords and other credentials that are likely to have passed into the possession of the threat's Command & Control servers, and re-enable their Facebook notifications.

SilentFade goes to a lot of work to make money dishonestly. Even the illegal side of business has a work ethic, and those who think they can ignore the diligence of hackers with cash on the line will find themselves clicking on the wrong thing sooner, rather than later.
