Security News > 2023 > May > Vietnamese Threat Actor Infects 500,000 Devices Using 'Malverposting' Tactics

A Vietnamese threat actor has been attributed as behind a "Malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer.

Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious software and other security threats.

The attack chain is highly effective as it creates a "Vicious circle" wherein the information plundered using the stealer is used to create an ever-expanding army of hijacked Facebook bot accounts that are then used to push more sponsored posts, effectively scaling the scheme further.

To slip under the radar of Facebook, the threat actor has been found to pass off the newly generated business profile pages as photographer accounts.

A majority of the infections have been reported in Australia, Canada, India, the U.K., and the U.S. The method through which the PHP-based stealer is deployed is said to be constantly evolving to incorporate more detection evasion features, suggesting that the threat actor behind the campaign is actively refining and retooling their tactics in response to public disclosures.

The findings come as Group-IB revealed details of an ongoing phishing operation that's aimed at Facebook users by tricking them to enter their credentials on fake copycat sites designed to steal their account credentials and take over the profiles.

News URL

https://thehackernews.com/2023/05/vietnamese-threat-actor-infects-500000.html