Facebook cyber session: business accounts have become a toy in the hands of Vietnamese hackers

If your product is popular in social networks, it doesn't mean that people want to buy it.

In a new report from Guardio Labs, researchers warn of a large-scale phishing campaign targeting Facebook business accounts. Hackers send messages via Facebook Messenger, disguising them as copyright infringement notices or product information requests. The purpose of the attack is to infect the target computers with malware that steals passwords and cookies.

When the victim opens the RAR/ZIP archive attached to the message, a batch file runs and downloads malware from GitHub repositories to bypass blocking. The malware uses 5 layers of obfuscation, which makes it difficult for antivirus programs to detect.

[Image: Phishing message in Messenger]

Once activated, the malicious code collects all cookies and login data stored in the victim's web browser and sends them to the hackers via Telegram or Discord. It then deletes all cookies, which gives the attackers time to change passwords and take over accounts.

According to Guardio Labs, about 100,000 phishing messages are sent out each week, mostly to users in North America, Europe, Australia, Japan, and Southeast Asia. Approximately 7% of all Facebook business accounts were targeted by the campaign, and 0.4% downloaded a malicious archive. Guardio Labs links the campaign to Vietnamese hackers, pointing to lines of code in Vietnamese and the use of "Coc Coc", a web browser popular in Vietnam.

[Image: Infection chain]

The campaign not only causes huge financial damage, but also undermines the credibility of the Facebook platform as a tool for doing business. Experts at Guardio Labs strongly recommend improving cyber hygiene, using two-factor authentication (2FA), and being on the lookout for suspicious messages, even if they come from familiar contacts.
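For defenders, the infection chain described above (script run from an extracted archive, GitHub download, browser credential store read, Telegram/Discord upload) can be correlated from endpoint telemetry. The following is an added detection sketch, not code from the post or from Guardio Labs; the event format, process names, path patterns and host lists are assumptions.

```python
import re
from collections import defaultdict

# Event format, path patterns, process names and host lists are assumptions.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
ARCHIVE_TMP = re.compile(r"\\Temp\\(Rar\$|7zO|Temp1_)", re.I)  # archiver extract dirs
CRED_STORE = re.compile(r"\\(Cookies|Login Data|cookies\.sqlite|logins\.json)$", re.I)
CODE_HOSTS = {"github.com", "raw.githubusercontent.com"}
CHAT_HOSTS = {"api.telegram.org", "discord.com"}
STAGES = ["script_from_archive", "github_fetch", "cred_store_read", "chat_exfil"]

def classify(proc, kind, target):
    """Map one telemetry event to an infection-chain stage, or None."""
    if kind == "proc_start":
        is_script = target.lower().endswith((".bat", ".cmd"))
        return "script_from_archive" if is_script and ARCHIVE_TMP.search(target) else None
    if proc.lower() in BROWSERS:
        return None  # browsers legitimately read their own stores and reach these hosts
    if kind == "net_connect" and target in CODE_HOSTS:
        return "github_fetch"
    if kind == "file_read" and CRED_STORE.search(target):
        return "cred_store_read"
    if kind == "net_connect" and target in CHAT_HOSTS:
        return "chat_exfil"
    return None

def detect(events, window=600):
    """Alert per host when a non-browser credential read precedes chat traffic within window seconds."""
    seen = defaultdict(dict)  # host -> stage -> first timestamp
    for ts, host, proc, kind, target in sorted(events):
        stage = classify(proc, kind, target)
        if stage is None:
            continue
        st = seen[host]
        read_ts = st.get("cred_store_read")
        if stage == "chat_exfil" and (read_ts is None or ts - read_ts > window):
            continue  # chat traffic without a recent credential read is not an alert
        st.setdefault(stage, ts)
    return {h: [s for s in STAGES if s in st] for h, st in seen.items() if "chat_exfil" in st}

# Constructed sample telemetry (ts, host, process, type, target); not from the report.
EVENTS = [
    (100, "WS-01", "cmd.exe", "proc_start", r"C:\Users\a\AppData\Local\Temp\Rar$DIa1.2\product.bat"),
    (105, "WS-01", "curl.exe", "net_connect", "raw.githubusercontent.com"),
    (160, "WS-01", "python.exe", "file_read", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (170, "WS-01", "python.exe", "net_connect", "api.telegram.org"),
    (200, "WS-02", "chrome.exe", "file_read", r"C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (210, "WS-02", "telegram.exe", "net_connect", "api.telegram.org"),
]
```

Calling `detect(EVENTS)` flags only WS-01, with all four stages; WS-02's browser read and standalone messenger traffic do not alert.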