Facebook sues four Vietnamese nationals for hijacking accounts
Catalin Cimpanu June 29, 2021

Facebook sues four Vietnamese nationals for hijacking accounts

Facebook sues four Vietnamese nationals for hijacking accounts

Social networking giant Facebook has filed two lawsuits today against two suspected criminal groups that abused its advertising platform for their own gains.

The first lawsuit was filed against four Vietnamese nationals for hijacking user accounts and the second against a US company for running an e-commerce bait-and-switch scam.

In the first lawsuit, Facebook said that:

  • Four individuals from Vietnam used a technique known as “session theft” or “cookie theft” to gain access to the Facebook accounts of employees at multiple advertising and marketing agencies.
  • The four suspects used the hacked Facebook accounts to run unauthorized ads that promoted a malicious Android app named “Ad Manager for Facebook.”
  • The app contained malware that showed phishing screens that collect Facebook login credentials from users who installed it.
  • The app was hosted on the official Google Play Store and was installed more than 10,000 times between December 2020 and May 2021.
  • The four suspects ran Facebook ads worth more than $36 million to promote this malicious app.
  • Facebook said it refunded the victims whose accounts were abused and is now seeking to regain the lost funds from the four.

In the second lawsuit, Facebook said that:

  • A California-based company named N&J USA Incorporated ran deceptive ads on Facebook for clothing, watches, and toys.
  • When users clicked the ads, the company redirected users to a payment page but never delivered the products or delivered products of inferior quality.
  • When users complained, Facebook said the company blocked or hid negative comments from their official page.
  • Facebook said this is the company’s first lawsuit against a bait-and-switch scheme that ran on Facebook.

The two lawsuits today are just the most recent cases the social network has filed over the course of the past three years against entities that have abused its platform for various forms of cybercrime. Previous cases include:

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.