Facebook messages hijacked to steal personal info and details

New research has revealed that threat actors are leveraging Facebook messages to deploy a sophisticated Python-based infostealer, known as Snake.

Researchers at Cybereason have shared details of the attack, indicating that Snake's primary objective is to capture sensitive data and credentials from unsuspecting users.

It looks to be a relatively new campaign, first brought to light on X in August 2023, and it shows a bias towards Vietnamese victims.

Facebook infostealer targeting Vietnamese users

The attack uses seemingly harmless RAR or ZIP files, which, once opened, trigger an infection sequence that involves two additional downloaders – a batch script and a cmd script. The cmd script is responsible for executing the Snake infostealer from an actor-controlled GitLab repo.

Cybereason has identified three distinct variants of the Snake infostealer – the third is an executable assembled by PyInstaller and targets users of the Coc Coc browser, suggesting a specific focus on Vietnamese users.

Once harvested, credentials and cookies are shared via numerous platforms, including Discord, GitHub, and Telegram.

The malware also targets Facebook accounts by extracting cookie information, which could indicate a goal of hijacking accounts, potentially for malicious purposes.

The connection to Vietnam is further reinforced by the naming conventions of the actor-controlled repositories, which allegedly reference the Vietnamese language in the source code.

Cybereason also noted that the malware targets other browsers used globally, including Brave, Chromium, Google Chrome Browser, Microsoft Edge, Mozilla Firefox, and Opera Web Browser.

The discovery comes amid increased scrutiny of Facebook for its perceived failure to assist victims of account takeovers.

TechRadar Pro has asked Meta to share information about how users can boost their protection against such attacks, and whether the company has any plans to prevent future attacks. In the meantime, users can follow best practices to help protect their accounts, including using complex passwords and two-factor authentication (2FA).

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
