How Facebook Page “likes” are “hacked”

Hey guys,

So today while browsing around the one-giant-social-network, I noticed a particular Facebook Page which seems to have generated a conspicuously big amount of “likes” in just a matter of hours.

Plus, to my amazement, I found out that I was among the Facebook users that DID LIKE the page itself!!!

You see, not that I’d have any reason to be blabbering about my personal side here, but, I’m sure even in my highest-to-ever-be-recorded state of being high or drunk, I’d have never ever, ever, ever facebook-liked a page with posts about life & love dramas – at the very least I wouldn’t ever, ahem, do anything like that publicly.

So why am I on the “like list” of this page?

If you’re reading this, chances are that you’re either my Facebook friend OR you’re in the internet industry, and if you’re in the internet industry, chances are that you know it better than anyone that Facebook does a very good job of preventing its users from spamming “likes”, especially Page likes.

In short, one can never like a Facebook Page programmatically.

Which means the only way to do this is to actually have human users clicking on the “like button” somewhere. Now has anything crossed your mind yet?

But yes, you got it right. Facebook Social Plugins.

Now without further ado, allow me to reproduce the crime scene (please click on the images for a bigger size):

[Screenshot: obfuscated malicious JavaScript function wrapped inside 'eval']

As you can see, the little code snippet above is used to dynamically insert an obfuscated function into the javascript domain.

Once deobfuscated, the function explains itself nicely just like a little cute puppy:

[Screenshot: malicious JavaScript function after deobfuscation]

*Please notice that normally I’d blur away any concrete URL or information that might lead to any individual involved, but since this webpage has to do with scamming and the scammer themselves, I figure it’d just be fair. Also, you’re reading this at your own risk.

If the screenshots were tl;dr to you, the script basically:

  1. keeps track of whether the “victim” has liked the Facebook Page yet, using a cookie: if the cookie isn’t found, cool, let’s go on with this “likable sabotaging”.
  2. dynamically inserts a Facebook Social Plugin into the ‘body’ of the webpage. Needless to say, this Social Plugin would display a visible “like button”, UNLESS it’s hidden away by a simple use of CSS styling.
  3. very “elegantly” registers a global “mousemove” event so that no matter where the user moves their mouse, the aforementioned “like button” would position itself right under the pointer. Hence, whenever the user clicks, they actually click on the “like button” (without knowing a thing), liking the Facebook Page in the process. After that’s done, the cookie is registered, effectively “curing” the user from this “zombified” state for, uhm, 365 days. (Yay, 365 days, not just 28 days or 28 weeks later. Thanks, Good Guy “Hacker”!)

And so that’s how they accumulated a large amount of likes, let alone causing random trauma of boyfriends / girlfriends everywhere catching their poor zombie lovers liking a “rather inappropriate” Facebook Page.
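Seen from the defending side, steps 2 and 3 leave a recognisable footprint: a Like plugin frame that is invisible and yet always sits under the pointer. The check below is an added example, not the script from the screenshots and not the author's code; the plugin URL pattern, the descriptor fields and the 0.1 opacity threshold are assumptions, and the sample data is constructed.

```javascript
// Added example: flags a Facebook Like plugin frame that is invisible and
// stays under the pointer. Descriptors are plain objects so this runs in Node;
// in a browser they would come from getComputedStyle()/getBoundingClientRect().
const LIKE_PLUGIN = /^https?:\/\/(www\.)?facebook\.com\/plugins\/like\.php/i;

// True when the frame moved between samples yet always contained the pointer.
function tracksPointer(samples) {
  if (samples.length < 3) return false;
  const moved = new Set(samples.map(s => `${s.rect.x},${s.rect.y}`)).size > 1;
  const under = samples.every(({ pointer: p, rect: r }) =>
    p.x >= r.x && p.x <= r.x + r.w && p.y >= r.y && p.y <= r.y + r.h);
  return moved && under;
}

function assessFrame(frame) {
  if (!LIKE_PLUGIN.test(frame.src)) return { suspicious: false, reasons: [] };
  const reasons = [];
  const invisible = frame.opacity < 0.1;
  const following = tracksPointer(frame.samples);
  if (invisible) reasons.push('like plugin is invisible');
  if (frame.position === 'absolute' || frame.position === 'fixed')
    reasons.push('like plugin is positioned out of normal flow');
  if (following) reasons.push('like plugin follows the pointer');
  // Steps 2 and 3 of the post together: hidden AND under the cursor.
  return { suspicious: invisible && following, reasons };
}

// Constructed sample data (hypothetical page URL, not from the post).
const src = 'https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com%2Fpage';
const moves = [{ x: 100, y: 100 }, { x: 300, y: 220 }, { x: 50, y: 400 }];
const hiddenFollower = {
  src, opacity: 0, position: 'absolute',
  // Frame re-centred on each pointer position, as in step 3.
  samples: moves.map(p => ({ pointer: p, rect: { x: p.x - 10, y: p.y - 5, w: 40, h: 20 } })),
};
const normalButton = {
  src, opacity: 1, position: 'static',
  samples: moves.map(p => ({ pointer: p, rect: { x: 10, y: 10, w: 40, h: 20 } })),
};

console.log(assessFrame(hiddenFollower));
console.log(assessFrame(normalButton));
```

In a browser extension or audit script, the descriptors would be sampled on `mousemove`, with `opacity` parsed from the computed style string via `parseFloat`.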

I’m not sure if this trick is new or has been there for ages, but having worked in the Social Media industry myself, I could say I don’t feel healthy at all knowing these are happening around us. After all, money should be earned via real work, real achievements, not speculated numbers, as that, little by little, would eventually lead our economy back into the next and the original Apple age – that of Adam and Eve’s.

2 thoughts on “How Facebook Page “likes” are “hacked””

    1. Hi Linn,

      May I ask what you meant by “third party software”? As far as I know there isn’t any kind of software or application that helps you automatically increase your fan page likes. The method discussed above involves placing a “hidden” like button on various websites around the internet, thus having innocent internet users like a fan page without their own consent.
