Cyber Security News

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged.

This information stealer has been active since at least August 2022 and is designed to hijack corporate Facebook accounts by automatically filtering out Facebook session cookies and credentials from compromised devices.

The malware assesses whether the stolen accounts manage business profiles and if they maintain a positive Meta ad credit balance.

Document
Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks .

How VietCredCare Operates

VietCredCare is distributed through links to bogus sites on social media posts and instant messaging platforms, masquerading as legitimate software like Microsoft Office or Acrobat Reader.

Once installed, it can extract credentials, cookies, and session IDs from web browsers, including Google Chrome, Microsoft Edge, and Cốc Cốc, a browser focusing on the Vietnamese market, Group-IB said.

How VietCredCare Operates

The malware is notable for its ability to retrieve a victim’s IP address, check if a Facebook account is a business profile, and assess whether the account currently manages ads.

It also takes steps to evade detection by disabling the Windows Antimalware Scan Interface (AMSI) and adding itself to the Windows Defender Antivirus exclusion list.

VietCredCare’s core functionality to filter out Facebook credentials puts organizations at risk of reputational and financial damages if their sensitive accounts are compromised, reads the report.

Credentials belonging to several government agencies, universities, e-commerce platforms, banks, and Vietnamese companies have been siphoned via the stealer malware.

The threat actors then use the stolen Facebook accounts to post political content or propagate phishing and affiliate scams for financial gain.

This large-scale malware distribution scheme facilitates the takeover of corporate Facebook accounts, targeting Vietnamese individuals who manage the Facebook profiles of prominent businesses and organizations.

Stealer-as-a-Service Model

VietCredCare is offered to other aspiring cybercriminals under the stealer-as-a-service model and is advertised on Facebook, YouTube, and Telegram.

It is managed by Vietnamese-speaking individuals.

Example of an advertisement for VietCredCare posted on Facebook

Customers can purchase access to a botnet managed by the malware’s developers or procure access to the source code for resale or personal use.

They are also provided a bespoke Telegram bot to control the exfiltration and delivery of credentials from an infected device.

Protecting Against VietCredCare

Organizations and individuals must be vigilant and take preventive measures against malware-based attacks.

This includes regular software updates, the use of antivirus software, and strong passwords.

It is also crucial to be cautious when clicking links or downloading attachments from unknown sources, as these could potentially contain malware like VietCredCare.

In conclusion, VietCredCare is a sophisticated malware that significantly threatens businesses and their online presence.

The ability of this malware to target and steal credentials from business-related Facebook accounts underscores the need for enhanced cybersecurity measures and awareness among users and organizations alike.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its GlobalProtect Gateway, identified as CVE-2024-3400. This…

1 day ago

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities in open-source components and inconsistent update…

1 day ago

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio deepfake technology. This incident underscores the…

1 day ago

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics services, the U.S. Cybersecurity and Infrastructure…

1 day ago

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user privacy across the web. This innovative…

1 day ago

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average number of cyber attacks per organization…

1 day ago