Date: 2023-09-05

Threat actors connected to Vietnamese cybercrime organizations are using social media advertising tools to distribute malware. WithSecure noted that multiple Vietnamese groups overlap in their capabilities, infrastructure, and victimology. This indicates the threat actors likely collaborate to conduct malware attacks on a variety of social platforms, including Facebook.

Ducktail and NodeStealer are two activity clusters associated with this sort of activity. Malware operators commonly use URL shortener services, employ Telegram for command-and-control (C2), and host malicious payloads on legitimate cloud services. Ducktail operators use marketing projects and employment opportunities as lures for Meta Business platform users. Once a user interacts with a booby-trapped job description file, it deploys the Ducktail stealer malware to take over Facebook business accounts. Ducktail operators sell these hijacked accounts online at prices ranging from $15 to $300, depending on their utility for future malicious activity. On LinkedIn, threat actors employ a similar tactic, using stolen identities with large follower numbers to contact other targets.

