Password-stealing malware targets thousands of Facebook business

New research published by Guardio Labs' Oleg Zaytsev has revealed the extent of ongoing Messenger-based attacks targeting business owners on Facebook in recent weeks.

The surge in attacks is attributable to a Vietnam-based group whose campaign has been particularly successful, compromising around one account in every 70 it targets.

According to Zaytsev, millions of businesses have already been targeted on the platform, which has become one of the most cost-effective online trading and marketing channels.

Facebook business owners warned of cyberattacks

Rather than relying on the basic principles of phishing, whereby users willingly share their credentials via an illegitimate, malicious site, this campaign focuses on spreading malware designed to intercept these credentials.

Zaytsev says that the attacks begin with messages from what look like prospective customers, which serve as a decoy to lower business owners' guard.

Ultimately, the malicious stealer payload is deployed, targeting every browser installed on the victim's machine. The Python script is designed to harvest session cookies, which are then sent to the threat actor's instant messaging channels, specifically Telegram and Discord.

Different message variations and Unicode characters are designed to create a multitude of individual messages as the threat actor seeks to avoid detection by Messenger’s built-in scanners.

Zaytsev added that two particular pieces of evidence suggest the campaign's link to a Vietnamese group: a Vietnamese-language message that is sent to the Telegram bot, and the inclusion of the 'Coc Coc' browser, which is especially popular in the country, in the list of targeted browsers.

Chrome, Firefox, Edge, Opera, Brave, and other Chromium-based browsers look to be affected by the script.
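The behaviour described above (a non-browser process reading the cookie stores of the browsers listed, then connecting to Telegram or Discord) is something endpoint telemetry can flag. The following detection is an added example, not Guardio's code or the stealer itself; the telemetry format, the Windows profile paths, the owning process names (for example `browser.exe` for Coc Coc) and the log lines are all assumed or constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Profile directories of the browsers the article lists, mapped to the process that
# legitimately reads them. Paths and process names are assumed Windows defaults.
STORES = {
    r"\Google\Chrome\User Data": "chrome.exe",
    r"\Mozilla\Firefox\Profiles": "firefox.exe",
    r"\Microsoft\Edge\User Data": "msedge.exe",
    r"\Opera Software\Opera Stable": "opera.exe",
    r"\BraveSoftware\Brave-Browser\User Data": "brave.exe",
    r"\CocCoc\Browser\User Data": "browser.exe",
}
# Exfiltration services the article names (Telegram bot API, Discord webhooks).
EXFIL_HOSTS = ("api.telegram.org", "discord.com")
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>FILE_READ|NET_CONNECT) pid=(?P<pid>\d+) "
                     r"image=(?P<image>\S+) target=(?P<target>.+)$")

def parse(line):
    """Parse one line of the constructed telemetry format; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def find_cookie_exfil(lines, window=timedelta(minutes=5)):
    """Return (pid, image, host) for processes that read a browser cookie store they do
    not own and then connected to a Telegram/Discord endpoint within `window`."""
    reads, alerts = defaultdict(list), []   # pid -> timestamps of foreign cookie-store reads
    for rec in filter(None, map(parse, lines)):
        if rec["event"] == "FILE_READ":
            if any(s.lower() in rec["target"].lower() and rec["image"].lower() != owner
                   for s, owner in STORES.items()):
                reads[rec["pid"]].append(rec["ts"])
        elif any(rec["target"].lower().startswith(h) for h in EXFIL_HOSTS):
            if any(timedelta(0) <= rec["ts"] - t <= window for t in reads[rec["pid"]]):
                alerts.append((rec["pid"], rec["image"], rec["target"].split(":")[0]))
    return alerts
# Constructed sample telemetry: pid 4120 follows the stealer pattern; pid 900 is a browser
# reading its own store and pid 5000 read a store well outside the window (both benign).
SAMPLE_LOG = r"""
2024-01-01T10:00:00 FILE_READ pid=4120 image=python.exe target=C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
2024-01-01T10:00:01 FILE_READ pid=4120 image=python.exe target=C:\Users\u\AppData\Local\CocCoc\Browser\User Data\Default\Network\Cookies
2024-01-01T10:00:05 NET_CONNECT pid=4120 image=python.exe target=api.telegram.org:443
2024-01-01T10:01:00 FILE_READ pid=900 image=chrome.exe target=C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
2024-01-01T10:01:02 NET_CONNECT pid=900 image=chrome.exe target=discord.com:443
2024-01-01T09:00:00 FILE_READ pid=5000 image=python.exe target=C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\cookies.sqlite
2024-01-01T10:30:00 NET_CONNECT pid=5000 image=python.exe target=discord.com:443
""".strip().splitlines()
```

Running `find_cookie_exfil(SAMPLE_LOG)` reports only pid 4120; the browser reading its own store and the stale read are suppressed, which is the false-positive handling a real rule needs.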

The blog post ends with a message regarding the stark reality of our cyber landscape: vigilance is key in a world where “you can never know where the next punch will come from.”

More broadly, users can follow good practices such as exercising caution with external links and monitoring online accounts for suspicious activity to protect their digital footprints.
