- Vietnamese-speaking hackers are using fake browser extensions to steal Facebook business and ads accounts
- Bitdefender found two campaigns that promote a malicious extension called SocialMetrics Pro through deceptive ads and tutorials
- The malware exfiltrates session data to Telegram bots, enabling account theft and resale for malicious advertising.
Vietnamese hackers are once again going after people's Facebook business accounts, this time through fake browser extensions.
Earlier this week, Bitdefender security researchers spotted two separate campaigns that use fake, malicious websites to promote an extension promising the blue check badge for Facebook and Instagram accounts.
The extension is called SocialMetrics Pro, and it is promoted through at least 37 ads.
Selling Facebook accounts
These ads lead to websites that not only deliver the malware but also come with a video tutorial that walks victims through the process of getting verified on Facebook and Instagram.
The malware itself is hosted on Box, a legitimate cloud storage provider.
Once installed, the malware takes the victim's IP address and Facebook session cookies and transmits them to a Telegram bot. Some variants also interact with the Facebook Graph API to extract more information about the targeted accounts.
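As an added example (not Bitdefender's tooling and not code from the article), the Python below triages an unpacked Chromium extension for the combination described above: cookie access to Facebook or Instagram together with a reference to the Telegram Bot API or the Graph API. The manifests and script text are constructed samples, and the permission layout is an assumption, since the article does not publish the real extension's manifest.

```python
# Added example: static triage of an unpacked Chromium extension.
# All sample data below is constructed; the permission layout is an assumption.
EXFIL_HOSTS = ("api.telegram.org",)      # Telegram Bot API host
GRAPH_HOSTS = ("graph.facebook.com",)    # Facebook Graph API host
COOKIE_TARGETS = ("facebook.com", "instagram.com")

def host_patterns(manifest):
    """Collect host match patterns from MV3 (host_permissions) and MV2 (permissions)."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    return pats

def covers(patterns, domain):
    """True if any match pattern grants access to the given domain."""
    return any(p == "<all_urls>" or p.split("://", 1)[-1].startswith("*/") or domain in p
               for p in patterns)

def audit_extension(manifest, sources):
    """Return findings for one extension; sources maps file name -> script text."""
    findings = []
    reach = [d for d in COOKIE_TARGETS if covers(host_patterns(manifest), d)]
    if "cookies" in manifest.get("permissions", []) and reach:
        findings.append("cookie-access:" + ",".join(reach))
    for name, text in sorted(sources.items()):
        if any(h in text for h in EXFIL_HOSTS):
            findings.append("telegram-endpoint:" + name)
        if any(h in text for h in GRAPH_HOSTS):
            findings.append("graph-api:" + name)
    return findings

def verdict(findings):
    """Cookie access plus a Telegram endpoint matches the reported behaviour."""
    cookie = any(f.startswith("cookie-access:") for f in findings)
    exfil = any(f.startswith("telegram-endpoint:") for f in findings)
    if cookie and exfil:
        return "high"
    return "review" if findings else "clean"

SUSPECT = {"manifest_version": 3, "permissions": ["cookies", "storage"],
           "host_permissions": ["https://*.facebook.com/*"]}
SUSPECT_SRC = {"background.js": "const EP = 'https://api.telegram.org/bot<REDACTED>/';"}
BENIGN = {"manifest_version": 3, "permissions": ["storage"],
          "host_permissions": ["https://example.com/*"]}

if __name__ == "__main__":
    for label, m, s in (("suspect", SUSPECT, SUSPECT_SRC), ("benign", BENIGN, {})):
        f = audit_extension(m, s)
        print(label, verdict(f), f)
```

A "review" verdict means only one of the two signals was present; legitimate extensions can hold the `cookies` permission, so it is the pairing with an outbound messaging endpoint that warrants escalation.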
Bitdefender believes that the threat actors are selling access to these accounts on underground forums for profit.
In general, criminals use these accounts to advertise their own malicious campaigns. To distribute malware to as many people as possible, hackers sometimes try to advertise it on Facebook.
However, since Meta applies rigorous screening, registering and setting up a malicious campaign that way is practically impossible. Instead, threat actors steal already-verified business accounts with a clean advertising record and abuse them for their attacks.
Bitdefender researchers believe that this is the work of a Vietnamese-speaking threat actor due to, among other things, the Vietnamese language in the video guides published on the malicious sites.
“By using a trusted platform, attackers can generate mass links, automatically embed them into tutorials and continuously update their campaigns,” Bitdefender said. “This conforms to a larger pattern of attackers that industrialize evil, where everything from advertisement images to tutorials is created en masse.”
Via The Hacker News