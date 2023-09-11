逸耘居

Unveiling the power of new technology and artificial intelligence

Hackers Target Facebook Business Accounts via Messenger Phishing Attack

By 曼波布雷西亚

September 11, 2023

A recent report by Guardio Labs reveals that hackers have been using a vast network of fake and compromised Facebook accounts to launch a phishing attack on Facebook business accounts. The attackers send out millions of Messenger phishing messages, posing as copyright violation notices or requests for more information, in an attempt to trick their targets.

The phishing messages contain a RAR/ZIP archive that, if downloaded and executed, fetches a malware dropper from GitHub repositories. The dropper, written in Python, is designed to evade detection and steal sensitive data from the victim’s browser. The malware collects cookies and login data, which are then sent to the attackers via the Telegram or Discord bot API.

Once the information has been stolen, the attackers wipe all cookies from the victim’s device to log the victim out of their accounts, which gives the attackers enough time to hijack the compromised account by changing its password. This process can take a while, as social media companies may be slow to respond to reports of hijacked accounts, which gives the threat actors time to conduct fraudulent activities.
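The behaviour described above (a non-browser process reading the browser's cookie and login stores, contacting the Telegram or Discord bot API, then deleting cookies) can be correlated from endpoint telemetry. The following Python is an added example, not code from the Guardio Labs report; the event schema, browser allowlist, time window and sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed telemetry: tuples of (ts_seconds, host, pid, image_path, kind, target).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}  # assumed allowlist
STORES = {"cookies", "login data", "cookies.sqlite", "logins.json"}  # browser store file names
BOT_APIS = {"api.telegram.org", "discord.com"}  # exfiltration channels named in the article
WINDOW = 300  # max seconds between store access and bot API contact (assumed)

def is_store(path):
    """True if the Windows path points at a browser cookie or login store."""
    return ntpath.basename(path).lower() in STORES

def find_stealer_candidates(events):
    """Flag non-browser processes that read a store, then reach a bot API within WINDOW."""
    state = {}
    for ts, host, pid, image, kind, target in sorted(events):
        if ntpath.basename(image).lower() in BROWSERS:
            continue  # browsers legitimately touch their own stores
        s = state.setdefault((host, pid),
                             {"image": image, "read": None, "exfil": None, "wiped": False})
        if kind == "file_read" and is_store(target):
            s["read"] = ts
        elif kind == "dns" and target.lower() in BOT_APIS:
            if s["read"] is not None and ts - s["read"] <= WINDOW:
                s["exfil"] = s["exfil"] or target
        elif kind == "file_delete" and is_store(target):
            s["wiped"] = True  # matches the cookie wipe that logs the victim out
    return [{"host": h, "pid": p, "image": s["image"], "exfil": s["exfil"], "wiped": s["wiped"]}
            for (h, p), s in state.items() if s["exfil"]]

# Constructed sample events (not real telemetry).
PROFILE = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    (50, "WS01", 900, r"C:\Program Files\Google\Chrome\chrome.exe", "file_read", PROFILE + r"\Network\Cookies"),
    (100, "WS01", 4120, r"C:\Users\Public\Documents\python.exe", "file_read", PROFILE + r"\Login Data"),
    (101, "WS01", 4120, r"C:\Users\Public\Documents\python.exe", "file_read", PROFILE + r"\Network\Cookies"),
    (105, "WS01", 4120, r"C:\Users\Public\Documents\python.exe", "dns", "api.telegram.org"),
    (110, "WS01", 4120, r"C:\Users\Public\Documents\python.exe", "file_delete", PROFILE + r"\Network\Cookies"),
    (60, "WS02", 77, r"C:\Users\b\AppData\Local\Discord\Discord.exe", "dns", "discord.com"),
    (10, "WS03", 300, r"C:\Tools\backup.exe", "file_read", PROFILE + r"\Network\Cookies"),
    (5000, "WS03", 300, r"C:\Tools\backup.exe", "dns", "api.telegram.org"),
]

if __name__ == "__main__":
    for hit in find_stealer_candidates(SAMPLE_EVENTS):
        print(hit)
```

Only the process on WS01 is flagged: the Discord client never reads a store, and the backup tool's bot API lookup falls outside the time window.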

The scale of this campaign is concerning, with approximately 100,000 phishing messages sent every week. These messages primarily target Facebook users in North America, Europe, Australia, Japan, and Southeast Asia. Guardio Labs estimates that around 7% of all Facebook business accounts have been targeted, with 0.4% having downloaded the malicious archive. The number of hijacked accounts is unknown but could be significant.

Guardio Labs attributes this campaign to Vietnamese hackers based on evidence found in the malware. The use of the “Coc Coc” web browser, popular in Vietnam, and Vietnamese-language strings in the malware indicate the origin of the threat actors. Vietnamese threat groups have previously targeted Facebook with large-scale campaigns, monetizing stolen accounts through resale on Telegram or the dark web.

It is important for Facebook users, especially those with business accounts, to remain vigilant against phishing attempts. They should be cautious when opening messages or downloading attachments, ensuring that they are from legitimate sources. Additionally, enabling multi-factor authentication and regularly updating passwords can help protect against unauthorized access to accounts.

Sources:
– Guardio Labs report (URL removed)
– Facebook announcement about NodeStealer campaign (URL removed)
– Guardio Labs report on Vietnamese threat actor (URL removed)
