Snake: how to hack an account via a Facebook message

Teacher

A single conversation with a stranger can cause you to lose your digital identity.

Cybereason has discovered a new type of malware called Snake, which is distributed via Facebook posts. Written in Python, the infostealer is designed to steal confidential user data.

The stolen data is transmitted to various platforms, including Discord, GitHub, and Telegram. The first information about the campaign appeared on the social network X in August 2023. The attacks consist of sending RAR or ZIP archives to potential victims; opening the archive starts the infection process.

This is followed by stages that use two loaders: a batch script and a cmd script. The latter is responsible for downloading and executing malware from the attacker's GitLab repository.

Cybereason researchers have discovered 3 different malware variants: one of them is an executable file built using PyInstaller. The infostealer is designed to collect data from various web browsers, including the Vietnamese browser CốC CốC, which indicates that the campaign is aimed at a Vietnamese audience.

The collected information, including credentials and cookies, is exported as a ZIP archive via the Telegram bot. The malware is also designed to steal information about Facebook cookies, which indicates that the cybercriminal intends to hijack accounts for their own purposes.

The link to the Vietnamese language is reinforced by the naming convention of the repositories on GitHub and GitLab and by references to the Vietnamese language in the source code. All variants support the CốC CốC browser, which is widely used by the Vietnamese community.
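The delivery stage described above (a ZIP archive whose contents are batch/cmd loaders or an executable) can be checked before anything is opened. The following is an added example, not code from the post or from Cybereason: it lists ZIP members without extracting them and flags loader-type entries. The function names, extension list and sample archive are assumptions made for illustration, and RAR archives would need a third-party parser.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension list: the two loader types the post names (batch and cmd
# scripts) plus the executable variant. Adjust to local policy.
LOADER_EXTS = {".bat": "script-loader", ".cmd": "script-loader", ".exe": "executable"}


def triage_zip(data: bytes) -> list:
    """Return one finding per archive member that would run if double-clicked."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows-style separators, then look only at the file name.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            kind = LOADER_EXTS.get(suffixes[-1]) if suffixes else None
            if kind is None:
                continue
            findings.append({
                "member": info.filename,
                "kind": kind,
                # Heuristic: "clip.mp4.bat" looks like media but is a script.
                "double_extension": len(suffixes) > 1,
                "size": info.file_size,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; member names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("album/readme.txt", "holiday pictures")
        zf.writestr("album/preview.mp4.bat", "rem constructed placeholder\r\n")
        zf.writestr("album/setup.CMD", "rem constructed placeholder\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

Nothing is extracted or executed; only the archive's central directory is read, so the check is safe to run on an untrusted attachment.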
 