Security News

Facebook removes Russian propaganda networks

Avast Security News Team, 1 November 2019

Plus, Android users are hit with unremovable malware, Magecart attacks the American Cancer Society, and 21M login credentials to Fortune 500 accounts are for sale on the dark web

Facebook Head of Cybersecurity Policy Nathaniel Gleicher announced on October 30th that the social platform has removed three networks of accounts believed to be misleading users throughout eight countries in Africa – Sudan, Libya, Madagascar, Central African Republic, Mozambique, the Congo, Côte d'Ivoire, and Cameroon. In total, the three networks were comprised of 66 Facebook accounts, 83 Pages, 11 Groups, and 12 Instagram accounts. Together, they netted over 1.1 million followers. Content promoted by the networks centered on support for Russian foreign policies, US-Russian relations, criticism of French and US policies, and support for the Gaddafi regime. Stated Gleicher, “We’re constantly working to detect and stop this type of activity because we don’t want our services to be used to manipulate people. We’re taking down these Pages, Groups and accounts based on their behavior, not the content they posted.” 

All three networks have been connected to Russian financier Yevgeniy Prigozhin, who was previously indicted by the United States for running a “troll factory” intent on influencing the 2016 presidential election. Gleicher admitted that it’s an ongoing challenge to root out fake accounts that misrepresent the people behind them, but he maintained that Facebook is committed to continually improving its vigilance. Avast Security Evangelist Luis Corrons commented that users have a responsibility, too. “With millions of users on Facebook, it is inevitable that people use the platform to spread fake news and mislead users. It has happened, it is happening and it will continue to happen. That's why we as users have to be extremely cautious and be suspicious of every link and piece of news we read that does not come from a known and trusted source.”

xHelper – the Android malware that won’t die

A strain of malware first spotted in March 2019 now appears to be unremovable. ZDNet reported that the xHelper malware infects devices via web redirects that point users to a selection of third-party apps outside the Play Store. These apps, once installed, download the xHelper Trojan. The malware spams the user with notifications and pop-ups that direct the user to the Play Store, where the malware authors make pay-per-install commissions on anything the user downloads. While this spam operation is not overtly destructive, the malware also contains a feature enabling it to download apps without the user’s consent, which could lead to more harmful attacks in the future. 

The strangest aspect of xHelper, however, is that it somehow continually reinstalls itself regardless of how the user tries to remove it. Nothing seems to work, including deleting the app, deleting the malware, disabling apps, and doing a factory restart. Some users have claimed success using paid mobile antivirus solutions, but the malware’s constant evolution keeps it regularly thwarting security measures that once blocked it. In the first six months of its lifespan, xHelper has infected 45,000 devices. It continues to spread at an average of 131 victims per day.

This week’s quote

“How can AI help us to live free, safe, and secure? We can solve this riddle.” – Avast CTO Michal Pechoucek, speaking to the sold-out CyberSec & AI conference in Prague. Read more

Card skim malware targets American Cancer Society store

The notorious consortium Magecart has been discovered skimming payment card info from the American Cancer Society online store, Survivor Net reported. Security experts identified and analyzed the malware, finding that it constantly monitors for checkout transactions, then uploads a skimming code from a Russian server that grabs the payment card details. Once the American Cancer Society was notified, the malicious code was removed from the website. 

This week’s stat 

As few as 30,765 changed votes could have altered the outcome of the 2016 U.S. presidential election outcome, Alex Halderman, a computer science professor at the University of Michigan, told CyberSec & AI Prague conference attendees. Read more

Over 21M login credentials to Fortune 500 companies leaked

Over 21 million login credentials Fortune 500 companies are for sale on the dark web, Bleeping Computer reported this week. About 10 million belong to companies in the tech and financial industries, and approximately 75% of the credentials were harvested in the past year. Of the 21 million passwords collected, only about 5 million were unique – the rest were either default passwords or multiple uses of the most common passwords, such as “password” and 123456.

This week’s ‘must-read’ on The Avast Blog

Who owns your digital data? The answer might surprise you. Chess legend and Avast Evangelist Garry Kasparov dives into Supreme Court history to explain how some laws have evolved with our cultural behavior while others haven’t. Learn more


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.