New malware VietCredCare targets Facebook advertisers in Vietnam

Focuses on accounts with positive credit balances.

Singapore-based cybersecurity provider Group-IB has identified a new malware actively targeting Vietnamese users, particularly those managing business profiles on Facebook.

The malware, codenamed VietCredCare, has been actively involved in the theft of session cookies and credentials, focusing on accounts with positive Meta ad credit balances, since at least August 2022.

Group-IB's APAC head of the High-Tech Crime Investigation Department, Vesta Matveeva, said, "VietCredCare's core functionality to filter out Facebook credentials puts organisations in both the public and private sectors at risk of reputation and financial damages if their sensitive accounts are compromised."

This malware doesn't just steal information, but also hijacks business Facebook accounts for political content dissemination or financial crimes, including phishing and selling stolen credentials, Group-IB said in a report.

"The impact of VietCredCare is widespread, affecting individuals and organisations across 44 provinces, with a large presence in Hanoi, Ho Chi Minh City, and Da Nang," it added.

VietCredCare is marketed as a Stealer-as-a-Service, making it "alarmingly" accessible to cybercriminals who wish to exploit stolen data.

It facilitates the takeover of corporate Facebook accounts by targeting Vietnamese individuals who manage the Facebook profiles of prominent businesses and organisations.

The malware can also retrieve a victim's IP address through external sources, identify Facebook accounts and determine whether they are business profiles, and locate the folder paths from which to exfiltrate credentials stored by web browsers such as Google Chrome, Microsoft Edge, and Cốc Cốc.

It further performs evasion techniques by disabling the Windows Antimalware Scan Interface (AMSI) functionality and adding itself to the exclusion list of Windows Defender.
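A host-side check for the Defender exclusion behaviour described above, as an added example that is not from Group-IB's report or this article. The `Test-RiskyExclusion` helper and its list of user-writable locations are assumptions chosen for illustration; run it from an elevated session, since exclusions are hidden from non-administrators.

```powershell
# Added example: audit Microsoft Defender exclusions on the local host.
# Test-RiskyExclusion is a hypothetical helper; the "user-writable" prefixes
# are an assumed heuristic, not indicators taken from the report.
function Test-RiskyExclusion {
    param([string[]]$Exclusion)

    $userWritable = @(
        $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC,
        "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop"
    ) | Where-Object { $_ }

    foreach ($item in $Exclusion) {
        if (-not $item) { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($item)
        $hit = $userWritable | Where-Object {
            $expanded.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1

        [pscustomobject]@{
            Exclusion = $item
            Risky     = [bool]$hit
            Reason    = $(if ($hit) { "under user-writable path $hit" } else { '' })
        }
    }
}

# 1. Current exclusions: paths and processes excluded from scanning.
$pref = Get-MpPreference
$all  = @($pref.ExclusionPath) + @($pref.ExclusionProcess)
Test-RiskyExclusion -Exclusion $all | Format-Table -AutoSize

# 2. History: Event ID 5007 records Defender configuration changes;
#    keep only those that touched the Exclusions registry subtree.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' } |
    Select-Object TimeCreated, @{
        Name       = 'Change'
        Expression = {
            ($_.Message -split "`n" |
                Where-Object { $_ -match 'New value' }) -join ' '
        }
    }
```

An exclusion that nobody on the administration side can account for, especially one under a user profile or temp directory, is worth treating as a lead for investigation.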

Group-IB's findings show that the malware has compromised credentials from various vital sectors in Vietnam, including government agencies, universities, banks, e-commerce platforms and major enterprises.

The company said it has notified affected entities and is collaborating with Vietnamese law enforcement to combat the cyber menace.

Group-IB experts recommend users enable two-factor authentication for social media accounts and avoid clicking on untrusted links.

They also suggest checking executable files received from unauthorised sources using publicly available sandboxes, antivirus software or online antivirus detection services.

© iTnews Asia