Ad-Laundering is a new tactic for exploiting social media platforms to spread fake news and fraud via legitimate users. As Facebook and other social media platforms have faced pressure to stem the flow of fake news, they have begun to make it more difficult for fake accounts to buy ads on their platform. As a result malicious groups have pivoted from creating fake accounts to bribing people with real profiles into enabling their dirty deeds. While the overall strategy of targeted manipulation via ads is well known, adÂlaundering is creating new headaches for social media platforms looking to balance income and integrity.
In this presentation we will cover how I stumbled across this technique, identified various similar campaigns, and an analysis of their approach for enabling access to target accounts. Additionally any IOCs will be made available.
John Amirrezvani (@trojawn) is a security researcher with Novetta and alumni of Whitehatters Computer Security Club at USF. He has taught workshops at BSidesLV and BSidesNoVA.