Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger


A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a “swarm of fake and hijacked personal accounts” with the ultimate goal of taking over the targets’ Business accounts.

“Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods,” Guardio Labs researcher Oleg Zaytsev said in an analysis published over the weekend.

In these attacks, dubbed MrTonyScam, potential victims are sent messages that entice them into clicking on the RAR and ZIP archive attachments, leading to the deployment of a dropper that fetches the next-stage from a GitHub or GitLab repository.

Read more…