Hackers Target Facebook Business Accounts with Messenger Phishing Attack

By マンフォ・ブレシア

11月2023日、XNUMX年
A recent report by Guardio Labs reveals that hackers have been using a vast network of fake and compromised Facebook accounts to launch a phishing attack on Facebook business accounts. The attackers send out millions of Messenger phishing messages that pose as copyright violation notices or requests for more information in an attempt to trick their targets.

The phishing messages contain a RAR/ZIP archive that, if downloaded and executed, fetches a malware dropper from GitHub repositories. The dropper, written in Python, is designed to evade detection and steal sensitive data from the victim’s browser. The malware collects cookies and login data, which are then sent to the attackers via the Telegram or Discord bot API.
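For defenders, the chain described above (a fetch from GitHub followed by a call to the Telegram or Discord bot API) can be hunted in web proxy logs. The sketch below is an added example, not code from Guardio Labs or from the malware; the hostnames, the log format, the 10-minute window and the sample log lines are assumptions constructed for illustration, and it presumes a time-ordered proxy log that records URL paths.

```python
from datetime import datetime, timedelta

# Assumed hostnames: the report as summarized here names only the services.
STAGING_HOSTS = {"github.com", "raw.githubusercontent.com"}
BROWSER_MARKERS = ("Mozilla/",)  # crude test: script HTTP clients rarely send this
WINDOW = timedelta(minutes=10)   # assumed gap between staging fetch and exfiltration

# Constructed proxy log: timestamp, client, host, path, user agent
SAMPLE_LOG = """\
2023-09-12T09:00:01 ws-014 github.com /example-user/example-repo/raw/main/stage.zip python-requests/2.31
2023-09-12T09:00:40 ws-014 api.telegram.org /bot000:PLACEHOLDER/sendDocument python-requests/2.31
2023-09-12T09:05:00 ws-022 github.com /example-org/tool/releases Mozilla/5.0
2023-09-12T09:06:00 ws-022 discord.com /channels/@me Mozilla/5.0
2023-09-12T10:00:00 ws-031 raw.githubusercontent.com /example-user/example-repo/main/a.py curl/8.1
2023-09-12T11:30:00 ws-031 discord.com /api/webhooks/000/placeholder curl/8.1
"""

def is_exfil_api(host, path):
    """True for bot/webhook API endpoints, not ordinary chat traffic."""
    if host == "api.telegram.org":
        return path.startswith("/bot")
    if host == "discord.com":
        return path.startswith("/api/")
    return False

def find_chains(log_text, window=WINDOW):
    """Return (client, exfil_host) pairs where a non-browser client fetched
    from a staging host and then called a bot API within `window`."""
    last_stage = {}  # client -> time of latest non-browser staging fetch
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path, agent = line.split(maxsplit=4)
        if agent.startswith(BROWSER_MARKERS):
            continue  # interactive browsing is out of scope for this hunt
        when = datetime.fromisoformat(ts)
        if host in STAGING_HOSTS:
            last_stage[client] = when
        elif is_exfil_api(host, path) and client in last_stage:
            if when - last_stage[client] <= window:
                alerts.append((client, host))
    return alerts

if __name__ == "__main__":
    for client, host in find_chains(SAMPLE_LOG):
        print(f"review {client}: script client fetched from GitHub, then called {host}")
```

User-agent strings are trivially spoofed, so treat a hit as a lead for endpoint triage rather than a verdict, and expect legitimate automation that uses these APIs to need allow-listing.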

Once the information has been stolen, the attackers wipe all cookies from the victim’s device to log the victim out of their accounts, giving the attackers enough time to hijack the compromised account by changing its passwords. This process can take a while, as social media companies may be slow to respond to reports of hijacked accounts, which allows the threat actors to conduct fraudulent activities.

The scale of this campaign is concerning, with approximately 100,000 phishing messages being sent every week. These messages primarily target Facebook users in North America, Europe, Australia, Japan, and Southeast Asia. Guardio Labs estimates that around 7% of all Facebook business accounts have been targeted, with 0.4% having downloaded the malicious archive. The number of hijacked accounts is unknown but could be significant.

Guardio Labs attributes this campaign to Vietnamese hackers based on evidence found in the malware. The use of the “Coc Coc” web browser, popular in Vietnam, and Vietnamese-language strings in the malware indicate the origin of the threat actors. Vietnamese threat groups have previously targeted Facebook with large-scale campaigns, monetizing stolen accounts through resale on Telegram or the dark web.

It is important for Facebook users, especially those with business accounts, to remain vigilant against phishing attempts. They should be cautious when opening messages or downloading attachments, ensuring that they are from legitimate sources. Additionally, enabling multi-factor authentication and regularly updating passwords can help protect against unauthorized access to accounts.

