Phishing Messages: MrTonyScam: How criminals are using hacked Facebook accounts to dupe thousands

by

Facebook allows users to send messages. According to a report by Guardio Labs (spotted by Bleeping Computer), researchers have warned that hackers are now using a widely spread network of fake and hacked Facebook accounts to send out phishing messages. With these messages, cybercriminals are trying to trick people into installing password-stealing malware.
How hackers are targeting users
These messages contain a RAR/ZIP archive which includes a downloader for an evasive Python-based stealer. This file can steal cookies and passwords stored in the victim’s browser. Researchers have discovered that nearly one out of seventy targeted accounts is getting compromised and victimising users with massive financial losses. The report also includes screenshots to explain how these Facebook Messages work.
At first, hackers send phishing messages to Facebook business accounts. These messages either pretend to report copyright violations or request more information about a product. The attached archive includes a batch file that, if executed, can fetch a malware dropper from GitHub repositories to evade blocklists and minimise distinctive traces.
Apart from the payload (project.py), the batch script also fetches a standalone Python environment. This is required by the info-stealing malware and adds endurance by setting the stealer binary to execute at system startup. The project.py file comes with five layers of protection to confuse and make it more challenging for AV engines to discover the threat.
This malware can collect the cookies and login data stored on the victim’s web browser into a ZIP archive named ‘Document.zip’. It then sends the stolen information to the attackers via Telegram or Discord bot API.

In the end, the stealer clears all cookies from the victim’s device to log them out of their accounts. This gives the scammers enough time to hijack the newly compromised account by changing the passwords.
It is important to note that social media companies take a while to respond to emails about hijacked accounts. This also offers cybercriminals more time to misuse the hacked accounts with fraudulent activities.
The scale of the hacking campaign discovered by Guardio Labs is alarming as it is widespread and is affecting several regions. As per the report, nearly 100,000 phishing messages were sent primarily to Facebook users in North America, Europe, Australia, Japan and Southeast Asia every week.
The report also notes that roughly 7% of all of Facebook’s business accounts have been targeted. Out of which, the malicious archive was downloaded by 0.4% of accounts. However, to be infected by the malware, the users still have to execute the batch file,
Guardio also attributed this campaign to Vietnamese hackers. The researchers discovered strings in the malware that used the “Coc Coc” web browser, which is popular in Vietnam.

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Swift Telecast is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – swifttelecast.com. The content will be deleted within 24 hours.

Leave a Comment