Vietnamese Facebook users are being targeted by the malicious 'Snake' campaign

According to TechRadar , a new study has warned that bad guys are taking advantage of Facebook messages to deploy a sophisticated Python-based infostealer tool called Snake.

Accordingly, researchers at security solutions company Cybereason shared details of this dangerous attack campaign, saying that Snake's main goal is to steal sensitive data and login information from naive users. This appears to be a relatively new campaign, first detected in August 2023 and showing signs of targeting Vietnamese users.

In terms of attack methods, the attackers will send messages with curious content, often mentioning the victim's sensitive video exposure, along with links to download compressed RAR or ZIP files. Although seemingly harmless, when opened, they will trigger an infection chain involving two malware downloaders, including a batch script and a cmd script. In which, the cmd script is responsible for executing the Snake information stealing tool from the attacker-controlled GitLab repository.

Cybereason has identified three variants of Snake, with the third being an executable created by PyInstaller and targeting users of the Cốc Cốc browser, which is popular in Vietnam.

Once collected, the login information and cookies were shared across multiple platforms, including Discord, GitHub, and Telegram. The malware also targeted Facebook accounts by extracting cookie information, which could indicate that the account takeover was intended to be used for malware-spreading purposes.

The campaign appears to be linked to hackers from Vietnam, as the naming convention of the attacker-controlled repositories is said to have Vietnamese references in the source code, such as 'hoang.exe' or 'hoangtuan.exe', or the GitLab link that appears to be related to the name 'Khoi Nguyen'.

Cybereason also noted that the malware also targets other browsers such as Brave, Chromium, Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera.

The discovery comes amid increased scrutiny of Facebook for its perceived lack of support for victims of account hijacking. To protect themselves, users are advised to take security precautions, particularly using complex passwords and two-factor authentication (2FA).