For Meta executives, the cup is visibly full. Faced with a group of hyperactive hackers specializing in phishing, they decided to file a complaint in a California court. It must be said that the hackers have pushed the plug a little far. Happily impersonating Meta’s various brands, they created more than 39,000 fake websites in the space of three years. Available in different languages, these certified copies had only one goal: to encourage the user to enter his username and password. It’s the classic shot, but on an industrial level.
Recovered by The Verge, the indictment gives details of the hackers’ modus operandi. In order to confuse the issue, they used the “Ngrok” proxy service, which allows web services to be exposed through a secure tunnel. Originally, this service was created for developers so that they can easily test web applications in complete security, without having to worry about network settings. For hackers, this service has a double advantage. This allows them to hide the real location of their malicious web servers and they do not need to create and manage domain names, as all URLs are owned by Ngrok and end with “ngrok.io”. By subscribing to the paid offer, they can even personalize these URLs and make the deception more effective. Here is a real example: facebook.in.ngrok.io.
Also to discover in video:
Meta alerted Ngrok who suspended thousands of malicious URLs. It remains to be seen whether this lawsuit has any hope of success. No one knows who this massive phishing campaign is behind it. The fake sites were probably hosted by a bulletproof provider under a false identity. It will be difficult to go back up the slopes. If you do not try you will not succeed.