Operation Tripoli


Operation Tripoli (Jul 1, 2019)

A large-scale campaign has been distributing malware on Facebook for an unspecified number of years primarily targeting the country of Libya, according to Check Point researchers. The threat actors behind this campaign are utilizing the geopolitical and political pages themed around Libya that attempt to convince individuals to download malicious files. Researchers identified more than 30 Facebook pages distributing malicious links and some of the pages were found to have more than 100,000 followers. The objective of this campaign is to distribute malicious links and files, some of which are stored in services like Google Drive, or divert traffic to a compromised websites hosting the malicious files, infect a user, and steal sensitive information

Recommendation: This story is an example of social engineering tactics threat actors use to trick users into installing malware on their machines. All social media users should be cautious when accepting unknown user requests, and particularly cautious when receiving communication from unknown users. Even if callers state they are from the bank or another trusted entity, it is best practice to avoid giving any details over the phone and not access unknown websites that are given by the callers. If you are unsure about the legitimacy regarding security modules, contact your bank directly and ask, as well as speak to management to ensure that updates are necessary and genuine.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.