TechRadar recently reported that security researchers at Cybereason have discovered a campaign targeting Facebook and personal information of users in Vietnam.
Dubbed ‘Snake’, this campaign uses Facebook messages to deploy a tool to steal victim’s information. Hackers use a tactic of sending messages with enticing content to the recipient, such as mentioning that the victim’s video or sensitive images have been leaked. These messages include links to download RAR or ZIP compressed files.
This is a relatively new campaign discovered in August 2023, which appears to primarily target Facebook users in Vietnam.
Although seemingly harmless, these files would trigger a chain of infection related to two malware downloaders when the user downloads and opens the files. The batch and cmd commands would be executed. The cmd command is responsible for stealing personal information from the GitLab repository controlled by hackers.
Cybereason has identified 3 variants of ‘Snake’, with the third variant targeting users of the Cốc Cốc browser, a popular browser in Vietnam. The malware also targets Facebook accounts by extracting cookie information, allowing hackers to hijack accounts to spread the malware.
The repositories controlled by hackers have Vietnamese- related naming conventions, such as ‘hoang.exe’ or ‘hoangtuan.exe’. The GitLab path also shows a connection to the name ‘Khôi Nguyễn’.
Furthermore, the malware targets other browsers such as Brave, Chromium, Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera.
In 2023, a similar scam used by scammers was hiring posting services. Scammers would approach victims through messaging apps like Messenger or Zalo, and then propose hiring them to post advertising on fan pages or groups.
When asked about the content for the advertising post, the scammers would send victims a file with the extension “.rar” or “.zip”. In reality, these are compressed files containing malware.
If victims download and access these files, the malware will immediately attack the computer and steal all data on the browsers, including cookies, passwords, and more.
Security experts advise Facebook users to exercise caution when clicking on unfamiliar links, opening files with the extension “.rar” or “.zip” sent from unknown accounts. Additionally, users should enable two-factor authentication (2FA) to enhance account security.
