New research by Guardio Labs has uncovered an attack campaign carried out by a hacker group of Vietnamese origin. The group distributes a small compressed file attachment containing a Python-based stealer, combined with an effective “hiding” method.
First, the hacker sends the compressed file via Facebook Messenger and lures the victim into opening it. When the user does so, the malicious code downloads a destructive payload from GitHub and steals browser access history, appropriating the information needed to take over online accounts such as social network accounts and email accounts. The hacker then uses the captured accounts, especially the victim’s Facebook account, to message friends on the contact list and continue spreading the malicious code.
This form of attack is not new, but it spreads exponentially: from one victim it goes on to infect many other victims from that person’s friend list.
The Hacker News site quoted Guardio Labs as saying that they found Vietnamese words in the file’s source code, as well as traces of Coc Coc, a Chrome-based browser from Vietnam.
Experts warn users to be very careful. When you receive a compressed file from anyone, including your friends, do not open it until you have confirmed with the sender via another channel (a phone call, or a text message through a different application) that they actually sent it.