Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
2023-09-11 14:22

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' accounts.

"Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods," Guardio Labs researcher Oleg Zaytsev said in an analysis published over the weekend.

The threat actor's links to Vietnam come from the presence of Vietnamese language references in the source code of the Python stealer and the inclusion of Cốc Cốc, a Chromium-based browser popular in the country.

The disclosure comes days after WithSecure and Zscaler ThreatLabz detailed new Ducktail and Duckport campaigns that target Meta Business and Facebook accounts using malverposting tactics.

"The Vietnamese-centric element of these threats and high degree of overlaps in terms of capabilities, infrastructure, and victimology suggests active working relationships between various threat actors, shared tooling and TTPs across these threat groups, or a fractured and service-oriented Vietnamese cybercriminal ecosystem centered around social media platforms such as Facebook," WithSecure noted.


News URL

https://thehackernews.com/2023/09/vietnamese-hackers-deploy-python-based.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 30 2 44 52 19 117