- Vietnamese hackers use fake browser extensions to steal Facebook Business and Ads accounts
- Bitdefender found two campaigns promoting a malicious extension called Socialmetrics Pro through ads and misleading tutorials
- The malware exfiltrates session data to Telegram bots, enabling the theft and resale of accounts for malvertising.
Vietnamese hackers are once again going after people's business and advertising accounts, this time using fake browser extensions.
Earlier this week, Bitdefender security researchers spotted two separate campaigns using fake websites and malvertising to promote an extension promising the blue check badge for Facebook and Instagram accounts.
The extension is called Socialmetrics Pro, and it is promoted by at least 37 ads.
Selling Facebook accounts
These ads lead to websites that not only deliver the malware but also come with a video tutorial that guides victims through the Facebook and Instagram verification process.
The malware itself is hosted on Box, a legitimate cloud storage service provider.
Once installed, the malware captures the victim's IP address and Facebook session cookies and relays them to a Telegram bot. Some variants have also been seen interacting with the Facebook Graph API, pulling more information on target accounts.
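For defenders, the behaviour described above (cookie access scoped to Facebook combined with a Telegram bot endpoint in the extension's scripts) can be checked for in unpacked extension directories. The following is an added example, not code from Bitdefender or the original article. It assumes the standard Telegram Bot API host `api.telegram.org`, and the sample extensions and their names are constructed; it is a heuristic, not an indicator taken from the report.

```python
import json
import re
import tempfile
from pathlib import Path

# Telegram Bot API URLs have the shape https://api.telegram.org/bot<token>/<method>
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot", re.I)
FACEBOOK_HOST_RE = re.compile(r"(^|[/.*])facebook\.com", re.I)
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extension(ext_dir):
    """Return findings for one unpacked extension directory."""
    ext_dir = Path(ext_dir)
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
    hosts = perms + [h for h in manifest.get("host_permissions", []) if isinstance(h, str)]
    findings = []
    if "cookies" in perms and any(h in BROAD_HOSTS or FACEBOOK_HOST_RE.search(h) for h in hosts):
        findings.append("cookie-access-to-facebook")
    for script in sorted(ext_dir.rglob("*.js")):
        if TELEGRAM_BOT_RE.search(script.read_text(encoding="utf-8", errors="ignore")):
            findings.append("telegram-bot-endpoint:" + script.name)
    return findings

def is_suspicious(findings):
    """Alert only on the combination: Facebook cookie access plus a Telegram bot URL."""
    return ("cookie-access-to-facebook" in findings
            and any(f.startswith("telegram-bot-endpoint:") for f in findings))

def write_sample(root, name, manifest, scripts):
    """Write a constructed sample extension (not real malware) to disk."""
    d = Path(root) / name
    d.mkdir(parents=True)
    (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    for fname, body in scripts.items():
        (d / fname).write_text(body, encoding="utf-8")
    return d

def demo():
    """Audit two constructed extensions; return {name: (findings, verdict)}."""
    bad = {"manifest_version": 3, "permissions": ["cookies"], "host_permissions": ["https://*.facebook.com/*"]}
    ok = {"manifest_version": 3, "permissions": ["storage", "cookies"], "host_permissions": ["https://example.com/*"]}
    with tempfile.TemporaryDirectory() as root:
        dirs = [write_sample(root, "badge-helper", bad, {"background.js": 'const ep = "https://api.telegram.org/botPLACEHOLDER/sendMessage";'}),
                write_sample(root, "notes", ok, {"main.js": 'console.log("notes loaded");'})]
        return {d.name: (audit_extension(d), is_suspicious(audit_extension(d))) for d in dirs}

if __name__ == "__main__":
    print(demo())
```

Either finding alone is common in legitimate extensions, so only the combination is flagged; obfuscated or remotely loaded scripts will evade a plain string match.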
Bitdefender believes that the threat actors sell access to these accounts on underground forums for profit.
Criminals usually use these accounts to advertise their own malicious campaigns. To distribute malware to as many people as possible, hackers sometimes try to have it advertised on Facebook.
However, since Meta engages in rigorous screening, registering and setting up a malvertising campaign from scratch is practically impossible. Instead, threat actors steal already-verified business accounts with a clean advertising record and abuse them for their attacks.
Bitdefender researchers believe this is the work of a Vietnamese-speaking threat actor due, among other things, to the Vietnamese language used in the video guides published on the malicious sites.
“Using a trusted platform, attackers can generate mass links, automatically integrate them into tutorials and continually refresh their campaigns,” said Bitdefender. “This corresponds to a wider scheme of attackers industrializing malvertising, where everything, from advertising images to tutorials, is created en masse.”
Via The Hacker News