Fake profiles on Facebook offer a file containing sexy photos of women. The file also contains malware that steals usernames and passwords.
Enough to ruin the dream for some. A multitude of fake Facebook accounts showing women in sensual outfits have been created to steal credentials, according to research from cloud security company Zscaler, published on January 20, 2023. These profiles contact their victims on Facebook and offer them a file containing sexy photos. Once downloaded, the album in question contains the promised shots, but also malware that steals usernames and passwords. Generally, the hackers offer a folder to download from a Microsoft OneDrive account or through a fraudulent link.
The malware in question is an info stealer, programmed to search through files and retrieve specific data: cookies and login credentials.
To do this, the software focuses on browsers such as Chrome, Firefox, Microsoft Edge and Brave. “Album Stealer” (the name Zscaler gave the malware) targets the Local State, Login Data and Cookies files. The Local State file contains keys needed to decrypt web browser data. The program starts by reading that file and recovering the parameters it needs to take the infection further. File-targeting functions allow it to quickly find data of interest and exfiltrate it to external servers. The whole process is carried out discreetly, without the victim's knowledge.
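A defender-side sketch of the behaviour described above, added here as an example and not taken from Zscaler's report: it scans file-access events and flags non-browser processes that open the Local State, Login Data or Cookies files. The event format, the process names and the sample events are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# File names the article says the stealer targets in browser profiles.
SENSITIVE = {"local state", "login data", "cookies"}
# Assumption: executables expected to open these files. Name-only matching is
# a simplification; a real rule should also check the path and code signer.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Constructed events: time|pid|process image|file opened
SAMPLE_EVENTS = r"""
10:01:02|4120|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\ana\AppData\Local\Google\Chrome\User Data\Local State
10:01:02|4120|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data
10:07:41|7732|C:\Users\ana\Downloads\Album\viewer.exe|C:\Users\ana\AppData\Local\Google\Chrome\User Data\Local State
10:07:41|7732|C:\Users\ana\Downloads\Album\viewer.exe|C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data
10:07:42|7732|C:\Users\ana\Downloads\Album\viewer.exe|C:\Users\ana\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
10:09:15|5016|C:\Tools\backup.exe|C:\Users\ana\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Network\Cookies
10:09:20|5016|C:\Tools\backup.exe|C:\Users\ana\Documents\report.docx
"""

def parse_events(text):
    """Yield (time, pid, image, target) tuples from pipe-separated lines."""
    for line in text.strip().splitlines():
        ts, pid, image, target = line.split("|", 3)
        yield ts, int(pid), image, target

def detect(text):
    """Return one alert per non-browser process that opened a sensitive file."""
    touched = defaultdict(set)  # (pid, image) -> sensitive file names opened
    for _ts, pid, image, target in parse_events(text):
        if ntpath.basename(image).lower() in BROWSER_IMAGES:
            continue  # the browser reading its own profile is expected
        name = ntpath.basename(target).lower()
        if name in SENSITIVE:
            touched[(pid, image)].add(name)
    alerts = []
    for (pid, image), names in sorted(touched.items()):
        # Key file plus an encrypted store is the pattern the article describes.
        key_and_store = "local state" in names and len(names) > 1
        alerts.append({"pid": pid, "image": image, "files": sorted(names),
                       "severity": "high" if key_and_store else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The "medium" result for the constructed backup tool shows why a single access to Cookies is weaker evidence than the key file and a credential store being read together by the same process.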
Phishing campaigns from Vietnam
The hackers behind this campaign are Vietnamese, according to the clues spotted by Zscaler. For example, a request to a server received a response in Vietnamese: “Successful status update”.
This campaign is very similar to another phishing operation, named “Ducktail”, also carried out by Vietnamese hackers. In August, company employees were tricked through links sent on Facebook and WhatsApp. The criminals were looking to steal credentials for legitimate Facebook Ads accounts and turn them into scam pages. WithSecure, the company behind the research, estimated that losses for the victim companies could amount to 600,000 euros.