Level 61
Content Creator
Malware Hunter
Facebook has been exploited to act as a distribution platform for a set of Remote Access Trojans (RATs) for years, researchers say.

According to Check Point Research, a "large-scale" campaign has been operating under Facebook's radar since at least 2014 throughout a campaign related to politics in Libya.

The aim of the operation has been to spread RATs including Houdini, Remcos, and SpyNote. Tens of thousands of victims from Libya, Europe, the US, and China are believed to have been compromised.

The threat actor behind the campaign has used the political turmoil in Libya to their advantage. Libya's National Army commander, Khalifa Haftar, has been impersonated for years and a page apparently operated by the public figure was actually a central point for the distribution of malware.
Check Point made Facebook aware of its findings into this vast campaign and the connected pages and accounts have since been removed.

A Facebook spokesperson told ZDNet:
"These Pages and accounts violated our policies and we took them down after Check Point reported them to us. We are continuing to invest heavily in technology to keep malicious activity off Facebook, and we encourage people to remain vigilant about clicking on suspicious links or downloading untrusted software."