Meta

How We Protect Businesses From Malware

Takeaways

  • We’re sharing updates on our work to protect businesses that may be targeted by malware across the internet and tips to help people stay safe.
  • We recently disrupted a number of new malware families by taking down Facebook accounts, blocking hundreds of malicious links and reporting them to file-sharing and site hosting services, and referring individuals behind this activity to law enforcement.
  • We also rolled out multiple product security features to help protect business accounts from malware, including launching a new malware recovery tool for businesses that may have been targeted by malicious operations for ad fraud.

Today, as part of our quarterly threat reporting, we’re sharing updates on how our security, integrity and support teams help protect businesses against malware — one of the most prevalent threats across the internet. This includes a behind-the-scenes look at how we tackle this challenge from multiple angles at once: malware analysis and threat disruption, product updates, community support and education, information sharing with other companies and holding threat actors accountable. 

Last year, we shared our insights into malicious mobile apps that indiscriminately target the general public and were available in official app stores. Today, we’re publishing detailed findings into aggressive and persistent strains of malware targeting business accounts online. 

Because these malicious groups are financially motivated, we expect them to continue probing defenses by diversifying their operations to spread across the internet so they can withstand disruptions by any one company — ours included. That’s why we’re sharing our findings, tips and threat indicators so that the defender community and people using our services can take steps to stay safe. 

What We’ve Found

How Does Business-Targeting Malware Work?

Threat actors go through many stages to target businesses with malware — from developing or acquiring malicious software, to hosting it somewhere online, to spreading and delivering it to targets, and hiding it to evade detection by companies like ours. This complexity makes the threat of business-targeting malware an ecosystem challenge, requiring a concerted effort to combat these malicious operations across our entire industry.

While attack scenarios may vary, threat actors typically disguise malware within innocuous-looking files, as well as mobile apps or browser extensions available in official app stores. Like spammers, they latch onto popular topics like political news or the latest tech or business productivity tools to hide their malware and trick people into clicking on or downloading it.

For example, one of the campaigns we recently disrupted leveraged people’s interest in OpenAI’s ChatGPT to lure them into installing malware. In response to detection by our security teams and also our industry peers, we’ve seen bad actors quickly pivot to other themes, including posing as Google Bard, TikTok marketing tools, pirated software and movies, and Windows utilities.

To target businesses, malicious groups often first go after the personal accounts of people who manage or are connected to business pages and advertising accounts. Threat actors may design their malware to target a particular online platform, including building in more sophisticated forms of account compromise than what you’d typically expect from run-of-the-mill malware.

For example, we’ve seen malware families that can attempt to evade two-factor authentication or have the ability to automatically scan for and detect connections between the compromised account and business accounts it might be linked to. See more details in our technical threat research.

Product and Support Updates

To help businesses stay safe across their Meta accounts, we’re continuing to roll out protections against malicious activity:

How to Know If Your Device is Affected

If you identify unusual behavior on your device or online accounts, it might be a sign that you have inadvertently downloaded malware. Here are some telltale signs to look out for:

What to Do If Your Device is Affected

If you believe you’ve downloaded malicious software, we recommend that you delete it from your device immediately, scan your device with up-to-date antivirus software and follow these instructions to secure your personal and business accounts: