- Vietnamese-speaking hackers use fake browser extensions to steal Facebook business and ad accounts
- Bitdefender found two campaigns promoting a malware-laced extension called SocialMetrics Pro through misleading ads and tutorials
- The malware exfiltrates session data to Telegram bots, enabling account theft and resale for malvertising
Vietnamese hackers are once again going after people's Facebook business and ads accounts, this time through fake browser extensions.
Earlier this week, security researchers at Bitdefender discovered two separate campaigns using fake sites and malvertising to promote an extension promising blue check badges for Facebook and Instagram accounts.
The extension is called SocialMetrics Pro, and it is promoted through at least 37 ads.
Selling Facebook accounts
These ads lead to sites that not only deliver malware but also come with a video tutorial that walks victims through the process of getting verified on Facebook and Instagram.
The malware itself is hosted on Box, a legitimate cloud storage provider.
Once the malware is installed, it grabs the victim's IP address and Facebook session cookies and forwards them to a Telegram bot. Some variants were also seen interacting with the Facebook Graph API to pull more information about the target accounts.
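A defensive triage check for the behaviour described above, as an added example that is not from Bitdefender's report or the original article: it flags an unpacked extension that combines cookie access on facebook.com with a Telegram Bot API endpoint. The function names and both sample inputs are constructed for illustration; api.telegram.org and graph.facebook.com are the public API hosts of the services named above.

```python
import json
import re

# Indicators drawn from the behaviour described above: cookie access on
# facebook.com plus references to Telegram's Bot API or the Graph API.
TELEGRAM_BOT_API = re.compile(r"api\.telegram\.org/bot", re.I)
GRAPH_API = re.compile(r"graph\.facebook\.com", re.I)
HOST_RE = re.compile(r"^[^:]+://([^/]+)/")

def covers_facebook(pattern):
    """True if an extension match pattern grants access to facebook.com hosts."""
    m = HOST_RE.match(pattern)
    host = m.group(1).lower() if m else ""
    host = host[2:] if host.startswith("*.") else host
    return (pattern == "<all_urls>" or host in ("*", "facebook.com")
            or host.endswith(".facebook.com"))

def audit_extension(files):
    """files: {relative path: text} of an unpacked extension. Returns findings."""
    manifest = json.loads(files["manifest.json"])
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    findings = []
    if "cookies" in perms:
        findings.append("cookies-permission")
    if any(covers_facebook(p) for p in perms if isinstance(p, str)):
        findings.append("facebook-host-access")
    for path, text in files.items():
        if path.endswith(".js"):
            if TELEGRAM_BOT_API.search(text):
                findings.append(f"telegram-bot-endpoint:{path}")
            if GRAPH_API.search(text):
                findings.append(f"graph-api-call:{path}")
    return findings

def is_high_risk(findings):
    """Cookie access to facebook.com combined with a Telegram bot endpoint."""
    kinds = {f.split(":")[0] for f in findings}
    return {"cookies-permission", "facebook-host-access", "telegram-bot-endpoint"} <= kinds

# Constructed sample inputs (not taken from the real extension).
SUSPECT = {
    "manifest.json": json.dumps({"manifest_version": 3, "permissions": ["cookies"],
                                 "host_permissions": ["*://*.facebook.com/*"]}),
    "bg.js": "const u = 'https://api.telegram.org/bot<PLACEHOLDER>/sendMessage';",
}
BENIGN = {"manifest.json": json.dumps({"manifest_version": 3, "permissions": ["storage"]}),
          "bg.js": "console.log('hello');"}
```

Findings from this check are a reason to inspect an extension, not proof of compromise, since legitimate extensions can hold the same permissions.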
Bitdefender believes that the threat actors sell access to these accounts on underground forums for profit.
Usually, criminals use these accounts to advertise their own malicious campaigns. To distribute malware to as many people as possible, hackers sometimes try to advertise it on Facebook.
However, as Meta engages in strict screening, it is practically impossible to sign up for a malvertising campaign. Instead, threat actors steal existing business accounts with a clean ad history and abuse them for their attacks.
Bitdefender's researchers believe this is the work of a Vietnamese-speaking threat actor due to, among other things, the Vietnamese language used in the how-to video guides on the malicious sites.
“By using a trusted platform, attackers can mass-generate links, automatically integrate them into tutorials and continuously update their campaigns,” Bitdefender said. “This fits a larger pattern of attackers who industrialize malvertising, where everything from ad images to tutorials is created en masse.”
Via The Hacker News



