Facebook messages hijacked to steal personal info and details

News
By Craig Hale
published

New infostealer targeting Facebook users

facebook
(Image credit: 123RF)

New research has revealed that threat actors are leveraging Facebook messages to deploy a sophisticated Python-based infostealer, known as Snake.

Researchers at Cyberason have shared details of the attack, indicating that Snake's primary objective is to capture sensitive data and credentials from unsuspecting users.

It looks to be a relatively new campaign, which was first brought to light on X in August 2023, shows bias towards Vietnamese victims.

Facebook infostealer targeting Vietnamese users

The attack uses seemingly harmless RAR or ZIP files, which, once opened, trigger an infection sequence that involves two additional downloaders – a batch script and a cmd script. The cmd script is responsible for executing the Snake infostealer from an actor-controlled GitLab repo.

Cybereason has identified three distinct variants of the Snake infostealer – the third is an executable assembled by PyInstaller and targets users of the Coc Coc browser, suggesting a specific focus on Vietnamese users.

Once harvested, credentials and cookies are shared via numerous platforms, including Discord, GitHub, and Telegram.

The malware also targets Facebook accounts by extracting cookie information, which could indicate a goal of hijacking accounts, potentially for malicious purposes.

The connection to Vietnam is further reinforced by the naming conventions of the actor-controlled repositories, which allegedly reference the Vietnamese language in the source code.

Cybereason also noted that the malware targets other browsers used globally, including Brave, Chromium, Google Chrome Browser, Microsoft Edge, Mozilla Firefox, and Opera Web Browser.

The discovery comes amid increased scrutiny of Facebook for its perceived failure to assist victims of account takeovers.

TechRadar Pro has asked Meta to share information about how users can boost their protection against such attacks, and whether the company has any plans to prevent future attacks. In the meantime, users can follow best practices to help protect their accounts, including using complex passwords and two-factor authentication (2FA).

More from TechRadar Pro

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!