• Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    New "likebot" malware targeting Facebook and Instagram in Opera?

    Opera for Mac
    1
    1
    277
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gentleminty
      gentleminty last edited by

      So a few days ago my Instagram account was suspended due to suspicious activity, and I found that it had been spewing out (presumably bought) likes to random posts over two weeks, literally thousands of them, and I could see them rolling out live in the "posts you've liked" tab. I also found the same type of activity on my Facebook account, although to a much lesser extent. This is my first (apparent) intrusion in over ten years, so the whole thing really took me by surprise as I'm quite literate when it comes to internet security.

      Despite the apps not recording any login activity other than my own, I started with the assumption that my passwords were acquired from a leak, and subsequently changed them along with my recovery emails, and added two-factor authentication to be sure. But to my surprise, the activity continued. I changed my passwords again just to be sure, and then shifted my focus towards looking for malware in my Macbook Pro, and iPhone. Neither Integos Virus Barrier, Kaspersky Internet Security, Malwarebytes or Etrecheck found anything whatsoever.

      However, I did find that I was able to turn on and off the likeing activity on Instagram by logging out of it in Opera (which counts as its own "device"), and I can even control it by specifically permitting or blocking the internet access of the Instagram related subtasks of Opera Helper (i.e. a tab or the sidebar "messenger"). So the malware seems to be specifically using and targeting Opera, or at least Chromium.

      I haven't downloaded any suspicious software, extensions, or Flash Player updates; although I can't rule out worms or trojans sneaking in with legitimate extensions or software, or being fooled by some sort of a well performed redirect. I've removed all browsing data (overkill but why not), and removed the Instagram sidebar "messenger".

      Are there any current previously known malware with this behaviour? And do you have any further suggestions on what do to next, other than say going for the nuclear option and reformatting my SSD? I'm really baffled and curious about what this is and how it's achieving this.

      Macbook Pro 13-inch 2017
      MacOS Catalina 10.15.7
      Opera version 71.0.3770.198

      Default security settings

      Installed extensions (all installed at least a year ago):

      • Lastpass
      • Install Chrome Extensions
      • Zotero Connector
      • Opera Adblocker
      Reply Quote 0
        1 Reply Last reply
      • Locked by  leocg leocg 
      • First post
        Last post

      Computer browsers

      • Opera for Windows
      • Opera for Mac
      • Opera for Linux
      • Opera beta version
      • Opera USB

      Mobile browsers

      • Opera for Android
      • Opera Mini
      • Opera Touch
      • Opera for basic phones

      • Add-ons
      • Opera account
      • Wallpapers
      • Opera Ads

      • Help & support
      • Opera blogs
      • Opera forums
      • Dev.Opera

      • Security
      • Privacy
      • Cookies Policy
      • EULA
      • Terms of Service

      • About Opera
      • Press info
      • Jobs
      • Investors
      • Become a partner
      • Contact us

      Follow Opera

      • Opera - Facebook
      • Opera - Twitter
      • Opera - YouTube
      • Opera - LinkedIn
      • Opera - Instagram

      © Opera Software 1995-