According to TechRadar , a new study has warned that bad guys are exploiting Facebook messages to deploy a sophisticated Python-based infostealer tool called Snake.
Accordingly, researchers at security solutions company Cybereason shared details of this dangerous attack campaign, saying that Snake's main goal is to steal sensitive data and login credentials from naive users. This appears to be a relatively new campaign, first detected in August 2023 and showing signs of targeting Vietnamese users.
In terms of attack methods, the attackers will send messages with content that piques the victim’s curiosity, often mentioning the victim’s sensitive video exposure, along with links to download compressed RAR or ZIP files. Although seemingly harmless, when opened, they will trigger an infection chain involving two malware downloaders, including a batch script and a cmd script. The cmd script is responsible for executing the Snake information-stealing tool from an attacker-controlled GitLab repository.
Messages containing malicious links are spread via Facebook messages.
Cybereason has identified three variants of Snake, with the third variant being an executable created by PyInstaller and targeting users of the Cốc Cốc browser, which is popular in Vietnam.
Once collected, the logins and cookies were shared across multiple platforms, including Discord, GitHub, and Telegram. The malware also targeted Facebook accounts by extracting cookie information, which could indicate that the account takeover was intended to be used for malware-spreading purposes.
The campaign appears to be linked to hackers from Vietnam, as the naming convention of the attacker-controlled repositories is said to include Vietnamese references in the source code, such as 'hoang.exe' or 'hoangtuan.exe', or the GitLab path that appears to reference the name 'Khoi Nguyen'.
Cybereason also noted that the malware also targets other browsers such as Brave, Chromium, Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera.
The discovery comes amid increased scrutiny of Facebook for its perceived lack of support for victims of account hijacking. To protect themselves, users are advised to take security precautions, especially using complex passwords and two-factor authentication (2FA).
Source link
![[Photo] Prime Minister Pham Minh Chinh receives Australian Foreign Minister Penny Wong](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/8/20/f5d413a946444bd2be288d6b700afc33)
![[Photo] An Phu intersection project connecting Ho Chi Minh City-Long Thanh-Dau Giay expressway behind schedule](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/8/21/1ad80e9dd8944150bb72e6c49ecc7e08)
![[Photo] Politburo works with Standing Committees of Lang Son and Bac Ninh Provincial Party Committees](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/8/20/0666629afb39421d8e1bd8922a0537e6)
Comment (0)