Not all attractive promotions and discounts advertised on Facebook are real. Experts recently discovered an attack campaign to steal credit card information on users' phones.

Hackers have created a network of 608 websites impersonating e-commerce platforms or reputable manufacturing brands but with pre-installed MadMxShell and WorkersDevBackdoor viruses capable of stealing personal data and credit card information. Taking advantage of flaws in Facebook's content censorship, bad guys launched hundreds of advertisements about attractive promotions, luring users to click on links leading to the above fake website network.

To avoid detection, hackers create phishing links or emails leading to impersonated sites that often have characters similar to the original site. For example goodgoo1ge@protonmail.com looks like “google.com”. If not observed carefully, users will easily fall into hacker traps.

Bkav experts recommend:

Avoid clicking on links of unknown origin

Before clicking, carefully check the links to make sure they do not contain strange characters. Malicious links often have domain names similar to the real link, for example "G00gle.com", "g00ogle.com" instead of "google.com".

Always be wary of great promotions and offers because they are mostly scams or poor quality products

Bkav