Meta, the owner of Instagram and Facebook, fixed two security flaws in March this year that affected ad creation on the photo-sharing social network. According to developer Renato Amaral, who spoke to TecMundo, cybercriminals could create ads on any professional account on Instagram and Facebook.
The security vulnerabilities affected not only Brazil but accounts worldwide.
Renato Amaral, who is in the top 2 of Meta's bug bounty ranking (vulnerability reward program), explains that the flaws have already been confirmed by the security team of Mark Zuckerberg's company and that he received two payments totaling $99,000.
Technical details of the flaws did not emerge. According to Amaral, Meta itself did not allow the flaws to be explained.
"Basically, the flaw allowed you to become an advertiser on Instagram accounts; then you could create an ad and post a photo on the profile of professional accounts," the developer explains. "The photo is not visible in the person's feed because it is an ad photo, but it is published on the person's account."
What were the flaws in Instagram and Facebook?
The developer states that the flaws involved a logic error, and that this is not a CVE (Common Vulnerabilities and Exposures) or a programming error.
Amaral could, for example, have created an ad on the Luiza profile selling a product. It would appear on Instagram as a product sold by Magalu itself, but the link would be wrong, Amaral explains.
What would the scam look like on Instagram?
Even though technical details did not emerge, the scam would have looked as follows:
- Victims (Instagram and Facebook users) see ads from company X in their own feed
- The ad is legitimate, but the link is fraudulent and leads to a fake page
- The ad does not appear on the e-commerce profile; it appears only in the victim's feed
The cybercriminal's side might be as follows:
- The cybercriminal gets access to the advertiser's store profile (e.g. Magalu)
- The cybercriminal creates an ad on its profiles with a fake product image and a link to a fake site.
- Victims receive the ad as an official "Magalu" ad.
- The fake ad does not appear on the store's profile (for example, Magalu), and the store does not know that ads are being run in its name
- The cybercriminal collects whatever victims enter at the fake link, stealing personal or financial data
An attack with no protection
The weakness discovered by Renato Amaral made for almost perfect scams: there was no way for the victim to protect themselves in advance.
"The flaw affected all accounts, which affected almost all the major accounts of companies and influencers on Instagram. There was nothing to be done. Even if they accessed their accounts, it could not be deleted because it was an error; it was a post linked to advertising without the possibility of deleting it."
The developer also points out that cybercriminals were able to delete victims' comments and check engagement on the fake post, but this point was not very relevant to Meta, which focused on fixing the two flaws mentioned earlier.
Source: Tec Mundo