Thursday, April 24, 2025
HomeCyber Security NewsHackers Attack Facebook Business Users Aggressively to Steal Login Credentials

Hackers Attack Facebook Business Users Aggressively to Steal Login Credentials

Published on

SIEM as a Service

Follow Us on Google News

A new and highly concerning cyber threat has emerged, as a botnet known as “MrTonyScam” has been orchestrating an extensive Messenger phishing campaign on Facebook. 

Recently, this campaign has flooded the platform with malicious messages, posing a significant risk to business accounts. 

Campaign distribution
Campaign distribution worldwide in the past 30 days

The threat actors behind this operation, originating from a Vietnamese-based group, are using deceptive tactics to target millions of businesses with disturbingly high success rates.

- Advertisement - Google News
Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Messenger as the Battlefield

Facebook’s Messenger platform, designed for communication and connections, has become the unexpected battleground for this evil campaign. 

The attackers have exploited it to unleash a barrage of deceptive messages containing malicious attachments, reads Guardio blog post.

What sets this campaign apart is its focus on business accounts, ranging from small marketplace sellers to large corporations. The attackers employ fake business inquiries, a tactic that has proved incredibly effective, with approximately 1 in every 70 recipients falling victim.

Different variants of Facebook messenger phishing messages
Different variants of Facebook messenger phishing messages sent to businesses

The attackers employ a clever and multi-stage attack process. It all begins with a seemingly innocent compressed file attachment. However, within this harmless file lies a powerful Python-based stealer

The threat actors have deployed a range of simple yet highly effective obfuscation methods to ensure their success.

Targeting Facebook Business Accounts

The attackers’ modus operandi hinges on the allure of a new business opportunity. By sending instant messages to unsuspecting business owners, they stimulate curiosity and tempt recipients to click on the malicious attachment. 

Once the attachment is opened, the attacker gains access to the victim’s Facebook operation, often leading to the victim being permanently locked out.

The hijacked Facebook accounts, with their reputation, seller rating, and extensive followers, represent a valuable commodity on dark markets. 

These accounts are exploited to reach a broad audience for the dissemination of advertisements and further scams. 

Additionally, individuals who manage Facebook business accounts typically possess other high-value accounts on various platforms, including banking, e-commerce, and advertising platforms. 

These accounts can be stolen directly from their browser’s cookies and password files, making them prime targets for cybercriminals.

This attack employs a combination of techniques, abuses free/open platforms, and utilizes numerous obfuscation methods. 

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Latest articles

Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities

Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of...

Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score...

GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs

GitLab, a leading DevOps platform, has released a critical security patch impacting both its...

SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely

SonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities

Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of...

Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score...

GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs

GitLab, a leading DevOps platform, has released a critical security patch impacting both its...