New research has revealed that threat actors are leveraging Facebook messages to deploy a sophisticated Python-based infostealer, known as Snake.
Researchers at Cybereason have shared details of the attack, indicating that Snake’s primary objective is to capture sensitive data and credentials from unsuspecting users.
The campaign appears to be relatively new: it was first brought to light on X in August 2023 and shows a bias towards Vietnamese victims.
Facebook infostealer targeting Vietnamese users
The attack uses seemingly harmless RAR or ZIP files, which, once opened, trigger an infection sequence that involves two additional downloaders – a batch script and a cmd script. The cmd script is responsible for executing the Snake infostealer from an actor-controlled GitLab repo.
Cybereason…