Password-stealing malware targets thousands of Facebook business
Watch out for this malware on Messenger
New research published by Guardio Labs’s Oleg Zaytsev has revealed the extent of ongoing Messenger-based attacks targeting business owners on Facebook in recent weeks.
The surge in attacks is attributable to a Vietnam-based group whose campaign has been particularly effective, compromising around one account in every 70 it targets.
According to Zaytsev, millions of businesses have already been targeted on the platform that has become known as one of the most cost-effective online trading and marketing methods.
Facebook business owners warned of cyberattacks
Rather than relying on the basic principles of phishing, whereby users willingly share their credentials via an illegitimate, malicious site, this campaign focuses on spreading malware designed to intercept these credentials.
Zaytsev says that the attacks begin with messages from what look like prospective customers, which serve as a decoy to let the business owners’ guards down.
Ultimately, the malicious stealer payload is deployed, targeting every browser installed on the victim’s machine. The Python script is designed to harvest session cookies, which are then sent to the threat actor’s instant messaging channels, specifically Telegram and Discord.
Different message variations and Unicode characters are designed to create a multitude of individual messages as the threat actor seeks to avoid detection by Messenger’s built-in scanners.
Zaytsev added that two particular pieces of evidence point to a Vietnamese group: a Vietnamese-language message that is sent to the Telegram bot, and the inclusion of the ‘Coc Coc’ browser, which is especially popular in the country, in the list of targeted browsers.
Chrome, Firefox, Edge, Opera, Brave, and other Chromium-based browsers look to be affected by the script.
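As an added defensive illustration (not code from Guardio’s research or this article), the following correlation routine flags a non-browser process that reads the cookie stores of the browsers listed above and then resolves a Telegram or Discord API host, the exfiltration channels the stealer uses. The telemetry events, install paths and process names are constructed or assumed for the example, not taken from the research.

```python
from collections import defaultdict

# Profile-directory fragments for the browsers the article names (assumed
# default Windows install layouts; the Coc Coc path in particular is an assumption).
BROWSER_DIRS = {
    "Chrome": r"\Google\Chrome\User Data",
    "Edge": r"\Microsoft\Edge\User Data",
    "Brave": r"\BraveSoftware\Brave-Browser\User Data",
    "Opera": r"\Opera Software\Opera Stable",
    "Coc Coc": r"\CocCoc\Browser\User Data",
    "Firefox": r"\Mozilla\Firefox\Profiles",
}
COOKIE_FILES = ("cookies", "cookies.sqlite")        # Chromium "Cookies" DB, Firefox cookies.sqlite
EXFIL_HOSTS = ("api.telegram.org", "discord.com", "discordapp.com")
# Browsers legitimately read their own cookie DB; these image names are assumed.
BROWSER_IMAGES = ("chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "browser.exe", "firefox.exe")


def cookie_store_browser(path):
    """Return the browser whose cookie database `path` is, or None if it is not one."""
    lowered = path.lower()
    if lowered.rsplit("\\", 1)[-1] not in COOKIE_FILES:
        return None
    return next((name for name, frag in BROWSER_DIRS.items() if frag.lower() in lowered), None)


def correlate(events, window=300):
    """Flag pids that read at least one cookie store and, within `window` seconds,
    resolve an exfiltration host. Events are dicts with ts/pid/image/type and path or host."""
    reads = defaultdict(list)          # pid -> [(ts, browser)]
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["image"].lower() in BROWSER_IMAGES:
            continue                   # a browser touching its own store is normal
        if ev["type"] == "file_read":
            browser = cookie_store_browser(ev["path"])
            if browser:
                reads[ev["pid"]].append((ev["ts"], browser))
        elif ev["type"] == "dns" and ev["host"] in EXFIL_HOSTS:
            recent = sorted({b for ts, b in reads[ev["pid"]] if ev["ts"] - ts <= window})
            if recent:
                hits.append({"pid": ev["pid"], "image": ev["image"], "browsers": recent, "host": ev["host"]})
    return hits


SAMPLE_EVENTS = [  # constructed telemetry, not real data
    {"ts": 100, "pid": 4242, "image": "python.exe", "type": "file_read",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"ts": 101, "pid": 4242, "image": "python.exe", "type": "file_read",
     "path": r"C:\Users\u\AppData\Local\CocCoc\Browser\User Data\Default\Network\Cookies"},
    {"ts": 102, "pid": 4242, "image": "python.exe", "type": "file_read",
     "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\ab12.default\cookies.sqlite"},
    {"ts": 130, "pid": 4242, "image": "python.exe", "type": "dns", "host": "api.telegram.org"},
    {"ts": 140, "pid": 777, "image": "chrome.exe", "type": "file_read",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"ts": 150, "pid": 888, "image": "slack.exe", "type": "dns", "host": "discord.com"},
]
```

Run `correlate(SAMPLE_EVENTS)` to see the single python.exe hit; Chrome reading its own store and an unrelated Discord lookup are not flagged.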
The blog post ends with a message regarding the stark reality of our cyber landscape: vigilance is key in a world where “you can never know where the next punch will come from.”
More broadly, users can follow good practices such as exercising caution with external links and monitoring online accounts for suspicious activity to protect their digital footprints.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!