
Hackers Spy on South Asian Users Through Meta's Instagram and Facebook


By Esme Greene

Aug 15, 2023

These operations typically involve sophisticated attacks that are designed to steal sensitive information from Meta’s servers, such as user data or intellectual property. 

In response, Meta has implemented a range of security measures to detect and prevent such attacks. In particular, Meta has reported stopping several large-scale cyber-espionage operations on its platforms Facebook and Instagram.

Threat Actors

Recently, specialists at Meta uncovered massive cyber espionage campaigns on its platforms Facebook and Instagram that were aimed at users from South Asia. The attacks were carried out by three different Advanced Persistent Threat (APT) groups, each using hundreds of fake social media accounts to deceive users and steal sensitive information.

One of the tactics used by the APT groups was the creation of fake accounts using a “Romance scam” scheme. They also created fake accounts disguised as recruiters, journalists, or military personnel. 


One of the APT groups that drew Meta's attention is a Pakistan-based group that infected armed forces in India and Pakistan through a network of 120 Facebook and Instagram profiles, rogue applications, and webpages.

The group used the GravityRAT malware. This trojan lures potential victims by disguising itself as entertainment and cloud storage applications. Once installed on a victim's device, the malware can steal important information, including passwords, emails, and messages. It can also install additional spyware on the device, log keystrokes, and capture screenshots.


Bahamut is another APT-linked malware group that Meta discovered. This group has been using a range of tactics, including Android malware distributed through the Google Play Store, to target activists, government employees, and military personnel in India and Pakistan.


One more APT organization that has been focusing on users in South Asia and elsewhere is called Patchwork. Using malicious applications posted to the Google Play Store, this Indian organization has been gathering private user information from victims in Pakistan, India, Bangladesh, Sri Lanka, Tibet, China, and other nations.

Other Campaigns

The company also stopped six illicit activities that were part of a “coordinated operation” on Facebook, Twitter, Telegram, YouTube, Medium, TikTok, Blogspot, Reddit, and WordPress and that originated in the United States, Venezuela, Iran, China, Georgia, Burkina Faso, and Togo.
