SITUATION
A major global technology company had identified a number of advertisements across social media channels that prominently featured its branding, trademarks, and imagery, but had not been created by the company. The company suspected these advertisements were directing users to download malware under the pretense of downloading a legitimate software tool. The company’s counsel sought to bring litigation against the perpetrators and engaged FTI Cybersecurity to conduct an independent assessment of the pages, posts, files, and potentially victimized users associated with the apparent scheme.
OUR ROLE
FTI Cybersecurity conducted an open-source investigation of the provided social media posts and profiles, including their history, levels of engagement from users, and audience demographics. FTI Cybersecurity experts completed static and dynamic analysis of each sample. All of the examined samples were determined to be malicious in disposition, with the majority being conspicuously similar in characteristics and behavior, indicating that they were part of the same campaign. When triggered by a victim, these samples would install within the victim’s browser and proceed to steal sensitive information from the browser’s local storage.
OUR IMPACT
FTI Cybersecurity determined with high confidence that all but one of the reviewed pages and malware samples were part of a single “malvertising” campaign involving social media account takeovers. The company’s counsel was ultimately able to file a complaint in the U.S. District Court for the Northern District of California against three unnamed conspirators, likely based in Vietnam.
The company’s counsel, with the support of expert witness testimony from FTI Cybersecurity, filed a motion to serve the defendants by email, given the lack of names or addresses available.