Group-IB has discovered a new information-stealer malware that targets users in Vietnam. It automatically filters out Facebook session cookies and credentials stolen from compromised devices and takes over business Facebook accounts for malicious purposes.
VietCredCare
Group-IB found that the malware, named VietCredCare, exfiltrated logs containing credentials for nine Vietnamese government agencies, the National Public Service Portals of 12 cities or provinces, 65 universities, 4 e-commerce platforms, 21 banks, and 12 major Vietnamese enterprises through phishing attacks.
The malware is managed entirely under the Stealer-as-a-Service model, with its developers offering stolen information to potential cybercriminals looking to launch their attacks.
Complex web of connections
“Group-IB’s study has revealed a complex web of connections between the malware’s developers, buyers, and victims, and the malware is still being promoted among the Vietnamese cybercriminal community. VietCredCare’s core functionality to filter out Facebook credentials puts organisations in both the public and private sectors at risk of reputational and financial damages if their sensitive accounts are compromised,” says Vesta Matveeva, Group-IB’s head of the High-Tech Crime Investigation Department, APAC.
Matveeva urges Facebook users to enable two-factor authentication on their social media accounts and to avoid clicking on suspicious links to protect themselves from malware.