Home Security Vietnamese Risk Actor Infects 500,000 Gadgets Utilizing ‘Malverposting’ Techniques

Vietnamese Risk Actor Infects 500,000 Gadgets Utilizing ‘Malverposting’ Techniques

by crpt os


May 01, 2023Ravie LakshmananMalverposting / Scam

A Vietnamese threat actor has been attributed as behind a “malverposting” campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer.

Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious software and other security threats. The idea is to reach a broader audience by paying for ads to “amplify” their posts.

According to Guardio Labs, such attacks commence with the adversary creating new business profiles and hijacking already popular accounts to serve ads that claim to offer free adult-rated photo album downloads.

Cybersecurity

Within these ZIP archive files are purported images that are actually executable files, which, when clicked, activate the infection chain and ultimately deploy the stealer malware to siphon session cookies, account data, and other information.

The attack chain is highly effective as it creates a “vicious circle” wherein the information plundered using the stealer is used to create an ever-expanding army of hijacked Facebook bot accounts that are then used to push more sponsored posts, effectively scaling the scheme further.

To slip under the radar of Facebook, the threat actor has been found to pass off the newly generated business profile pages as photographer accounts. A majority of the infections have been reported in Australia, Canada, India, the U.K., and the U.S.

The method through which the PHP-based stealer is deployed is said to be constantly evolving to incorporate more detection evasion features, suggesting that the threat actor behind the campaign is actively refining and retooling their tactics in response to public disclosures.

“The malicious payload is quite sophisticated and varies all the time, introducing new evasive techniques,” Guardio Labs security researcher Nati Tal said.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

The findings come as Group-IB revealed details of an ongoing phishing operation that’s aimed at Facebook users by tricking them to enter their credentials on fake copycat sites designed to steal their account credentials and take over the profiles.

Malverposting

In a related development, Malwarebytes unearthed a malvertising campaign that has been found to trick users searching for games and food recipes on Google to serve malicious ads that redirect them to fake websites created on Weebly with the goal of conducting a tech support scam.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex