Researchers have warned that hackers are now using a widely dispersed network of fake and compromised Facebook accounts to send phishing messages through Facebook's messaging feature, according to a report by Guardio Labs (covered by Bleeping Computer). The criminals are trying to trick recipients into installing password-stealing malware delivered through these messages.
How users are targeted by hackers
These messages carry a RAR/ZIP archive containing a downloader for an evasive Python-based stealer, which can harvest passwords and cookies from the victim's browser. Researchers found that almost one in every seventy targeted accounts ends up compromised, causing victims significant financial losses. The report includes screenshots showing what these Facebook messages look like.
The attack begins with phishing messages sent to Facebook business accounts, which either claim to report a copyright violation or ask for more information about a product. The attached archive contains a batch file that, when run, fetches a malware dropper from GitHub repositories, which helps the attackers evade blocklists and leave fewer recognizable traces.
Besides the payload (project.py), the batch script also fetches a standalone Python environment, which the info-stealing malware needs in order to run. It then configures the stealer to launch at system startup, giving it persistence. To make the threat harder for AV engines to detect, the project.py file is wrapped in five layers of obfuscation.
The stealer collects the cookies and login credentials stored in the victim's web browser and packs them into a ZIP archive named "Document.zip." It then sends the stolen data to the attackers using the Telegram or Discord bot API.
Finally, the stealer deletes all cookies from the victim's device, logging them out of their accounts. This gives the scammers enough time to change the passwords on the newly compromised account and take it over.
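As an added illustration (not code from the Guardio report or this article), the following Python script shows how a defender might correlate the stages of the chain described above across endpoint telemetry. The log format, host names, file paths and the Startup-folder persistence location are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Constructed sample endpoint telemetry (not from the Guardio report), one event per line:
# host <TAB> event type (proc/file/net) <TAB> process <TAB> command line, path or destination
SAMPLE_LOG = """\
WS01\tproc\tcmd.exe\tC:\\Users\\ann\\Downloads\\invoice.bat
WS01\tnet\tcmd.exe\traw.githubusercontent.com
WS01\tproc\tpython.exe\tC:\\Users\\ann\\AppData\\Local\\Temp\\py\\python.exe project.py
WS01\tfile\tpython.exe\tC:\\Users\\ann\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\run.bat
WS01\tfile\tpython.exe\tC:\\Users\\ann\\AppData\\Local\\Temp\\Document.zip
WS01\tnet\tpython.exe\tapi.telegram.org
WS02\tproc\tpython.exe\tC:\\Program Files\\Python311\\python.exe build.py
WS02\tnet\tpython.exe\tpypi.org
"""

# One predicate per stage of the chain described above; each takes (event type, process, detail).
# The Startup-folder path is an assumed persistence location: the article only says "run at startup".
RULES = {
    "batch_from_user_dir": lambda t, p, d: t == "proc" and p == "cmd.exe"
        and re.search(r"\\(Downloads|Temp)\\.*\.bat$", d, re.I) is not None,
    "dropper_from_github": lambda t, p, d: t == "net" and "github" in d.lower(),
    "python_in_user_path": lambda t, p, d: t == "proc" and p == "python.exe" and "\\users\\" in d.lower(),
    "startup_persistence": lambda t, p, d: t == "file" and "\\startup\\" in d.lower(),
    "document_zip_staging": lambda t, p, d: t == "file" and d.lower().endswith("document.zip"),
    "bot_api_exfil": lambda t, p, d: t == "net" and d.lower() in ("api.telegram.org", "discord.com"),
}

def parse_log(text):
    """Yield (host, type, process, detail) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) == 4:
            yield tuple(parts)

def detect_stealer_chain(log_text, min_stages=3):
    """Return {host: [stages seen, in log order]} for hosts where at least min_stages stages fired."""
    # A single stage (python.exe under a user profile, say) is noisy on its own; requiring several
    # stages of the chain on the same host is what keeps the alert meaningful.
    seen = defaultdict(list)
    for host, kind, proc, detail in parse_log(log_text):
        for name, matches in RULES.items():
            if name not in seen[host] and matches(kind, proc, detail):
                seen[host].append(name)
    return {host: stages for host, stages in seen.items() if len(stages) >= min_stages}

if __name__ == "__main__":
    for host, stages in detect_stealer_chain(SAMPLE_LOG).items():
        print(f"{host}: {len(stages)} stages -> {', '.join(stages)}")
```

On the constructed sample, WS01 trips all six stages while WS02 (a developer machine running a system-wide Python) trips none, which is the separation the multi-stage threshold is meant to provide.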
It is worth noting that social media companies take some time to respond to reports of hijacked accounts, which gives the fraudsters additional time to abuse the compromised accounts.
According to the analysis, approximately 7% of all Facebook business accounts have been targeted, and 0.4% of accounts downloaded the malicious package. Guardio also attributed the campaign to Vietnamese hackers, although victims still have to run the batch file themselves before the malware can infect them. The malware the researchers found contained strings referencing "Coc Coc," a web browser widely used in Vietnam.