Tuesday, July 16, 2024

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged.

This information stealer has been active since at least August 2022 and is designed to hijack corporate Facebook accounts by automatically filtering out Facebook session cookies and credentials from compromised devices.

The malware assesses whether the stolen accounts manage business profiles and if they maintain a positive Meta ad credit balance.

Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

How VietCredCare Operates

VietCredCare is distributed through links to bogus sites on social media posts and instant messaging platforms, masquerading as legitimate software like Microsoft Office or Acrobat Reader.

Once installed, it can extract credentials, cookies, and session IDs from web browsers, including Google Chrome, Microsoft Edge, and Cốc Cốc, a browser focusing on the Vietnamese market, Group-IB said.

How VietCredCare Operates
How VietCredCare Operates

The malware is notable for its ability to retrieve a victim’s IP address, check if a Facebook account is a business profile, and assess whether the account currently manages ads.

It also takes steps to evade detection by disabling the Windows Antimalware Scan Interface (AMSI) and adding itself to the Windows Defender Antivirus exclusion list.

VietCredCare’s core functionality to filter out Facebook credentials puts organizations at risk of reputational and financial damages if their sensitive accounts are compromised, reads the report.

Credentials belonging to several government agencies, universities, e-commerce platforms, banks, and Vietnamese companies have been siphoned via the stealer malware.

The threat actors then use the stolen Facebook accounts to post political content or propagate phishing and affiliate scams for financial gain.

This large-scale malware distribution scheme facilitates the takeover of corporate Facebook accounts, targeting Vietnamese individuals who manage the Facebook profiles of prominent businesses and organizations.

Stealer-as-a-Service Model

VietCredCare is offered to other aspiring cybercriminals under the stealer-as-a-service model and is advertised on Facebook, YouTube, and Telegram.

It is managed by Vietnamese-speaking individuals.

 Example of an advertisement for VietCredCare posted on Facebook
 Example of an advertisement for VietCredCare posted on Facebook

Customers can purchase access to a botnet managed by the malware’s developers or procure access to the source code for resale or personal use.

They are also provided a bespoke Telegram bot to control the exfiltration and delivery of credentials from an infected device.

Protecting Against VietCredCare

Organizations and individuals must be vigilant and take preventive measures against malware-based attacks.

This includes regular software updates, the use of antivirus software, and strong passwords.

It is also crucial to be cautious when clicking links or downloading attachments from unknown sources, as these could potentially contain malware like VietCredCare.

In conclusion, VietCredCare is a sophisticated malware that significantly threatens businesses and their online presence.

The ability of this malware to target and steal credentials from business-related Facebook accounts underscores the need for enhanced cybersecurity measures and awareness among users and organizations alike.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.


Latest articles

MirrorFace Attacking Organizations Exploiting Vulnerabilities In Internet-Facing Assets

MirrorFace threat actors have been targeting media, political organizations, and academic institutions since 2022,...

HardBit Ransomware Using Passphrase Protection To Evade Detection

In 2022, HardBit Ransomware emerged as version 4.0. Unlike typical ransomware groups, this ransomware...

New Poco RAT Weaponizing 7zip Files Using Google Drive

The hackers weaponize 7zip files to pass through security measures and deliver malware effectively.These...

New ShadowRoot Ransomware Attacking Business Via Weaponized PDF’s

X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails...

Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics

Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the...

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles