SilentFade is a trojan that was used to hack social media accounts. Rather than stealing the accounts, the cybercriminals behind SilentFade used them to display ads, paying for the advertising with money stolen from the account owners.
Although SilentFade has had its wings clipped, it appears to still be spreading online and infecting Windows computers. This malware is able to steal login credentials and social media account access, so it is quite a dangerous threat.
Silentfade Spyware quicklinks
- How to recognize SilentFade
- How SilentFade works
- SilentFade is used to commit ad fraud
- It spreads with pirated software
- How to delete SilentFade
- Automatic Malware removal tools
|SilentFade infection symptoms||Your social media accounts posting unfamiliar ads,
unexpected expenses by your social media accounts,
missing social media notifications.
|How trojans infect computers||Bundled with pirated programs and with free programs downloaded from unofficial websites.|
|How to remove SilentFade||Use antivirus scanners (Spyhunter, Malwarebytes, others) to remove the malware,
review your Facebook settings and make sure that everything is the way you want it to be,
review your recent spending on social media accounts.
How to recognize SilentFade
SilentFade is a Windows trojan that currently mostly affects users in Southeast Asia.
SilentFade messes with browser files and steals saved credentials. It also changes account settings in the social media accounts, like Facebook and Instagram, that it hijacks.
If the SilentFade trojan has infected your device, here are some things that you may notice:
- Unfamiliar ads are posted by your account.
- Your credit card or another payment method shows unexpected expenses on social media.
- You stop receiving notifications from your social media accounts.
SilentFade can steal cookies which include session tokens. As a result, attackers could log in to the hacked account without triggering multi-factor authentication.
Facebook discovered this ad fraud campaign and stopped it back in 2019 (SilentFade: unveiling Chinese malware abusing Facebook ad platform). This malware was active at the beginning of 2019, but related malicious activity was also seen back in 2016.
But even though SilentFade was stopped, it is still being detected by antivirus programs (SilentFade malware attacks ramp up in Southeast Asia). Perhaps it’s still floating around the web, the old infected installers still available for download. Or maybe it’s being promoted by a new malicious gang.
How SilentFade works
SilentFade is used to commit ad fraud
SilentFade is a trojan that was used to steal social media credentials and hack people’s social media accounts, specifically Facebook and Instagram. It’s possible that SilentFade affects accounts on other websites, too. It’s similar to CopperStealer – another trojan focused on social media and ad fraud.
The SilentFade trojan was used to defraud those people who had a payment method attached to their accounts. In addition, popular accounts (lots of followers, friends) were more useful it was to the SilentFade gang.
Sometimes, if no payment method was attached to the hacked account, stolen credit cards would be used to pay for the fraudulent ads.
Stolen accounts would be used to spread iffy, even scammy ads. The types of ads that you would see on Best-invest-4all.com, Worldwide-breakingnews.com, or Readreadsnew.com. SilentFade would use the hacked accounts to show ads for diet pills and other shady products. These ads use completely made-up stories and abuse celebrity images to sell their products.
To stop account owners from discovering the hijacking, SilentFade would disable Facebook notifications and security alerts.
It spreads with pirated software
The SilentFade trojan was spread with fake downloads for various commercial programs and with adware bundles. Fake download sites would advertise a popular program and offer it for free – however, instead of the advertised program, the SilentFade trojan was downloaded instead.
In addition, SilentFade was advertised by malicious redirects. This is when an abandoned website (like an old blog) gets infected with malicious code to automatically forward visitors to another, malicious website.
How to delete SilentFade
If your current antivirus scanner failed to detect the trojan, it could have been harmed by the trojan during the infection. You could reinstall it, validate its installation, check the updates to make sure that all of its files are there and that it doesn’t have any unwanted exceptions added to its whitelist.
Since the SilentFade trojan messes with browser files (or at least with Chrome), it’s advised to reinstall your web browsers:
- For Chrome, follow these removal instructions: Support.google.com. Then, run a new Chrome installer.
- Edge is a bit more complicated to remove: Support.microsoft.com.
- Firefox installation instructions: Support.mozilla.com.
Once SilentFade is gone, log out of all devices. Then, log in and reset your credentials.
Automatic Malware removal tools