In August 2022, a new cyber threat called VietCredCare emerged in Vietnam, targeting Facebook advertisers and posing a serious risk to businesses and organizations in the region. Targeting Facebook Advertisers in Vietnam

VietCredCare is a type of malware that is particularly sophisticated in its approach to stealing sensitive information from compromised devices. It specifically targets Facebook session cookies and credentials. According to a report by Group-IB, the malware is equipped with an automatic filter that selects Facebook session data and evaluates whether the compromised accounts manage business profiles with positive ad credit balances. Notable Features of VietCredCare

One of the primary objectives of VietCredCare is to facilitate the takeover of corporate Facebook accounts. Threat actors behind this operation aim to manipulate these accounts to disseminate political content, propagate phishing scams, or engage in affiliate fraud schemes for financial gain.

Distribution and Advertisement of VietCredCare

VietCredCare operates under a “stealer-as-a-service” model, catering to aspiring cybercriminals through advertisements on various platforms including Facebook, YouTube, and Telegram. The malware is predominantly managed by individuals fluent in Vietnamese, targeting a specific demographic.

Functionality and Capabilities of VietCredCare

VietCredCare leverages its. NET-based architecture to extract credentials, cookies, and session IDs from popular web browsers such as Google Chrome and Microsoft Edge. It also assesses the nature of Facebook accounts and evades detection by disabling Windows security features.

Risks Posed by VietCredCare

The core functionality of VietCredCare poses significant risks to both public and private sector organizations. Sensitive accounts belonging to government agencies, universities, e-commerce platforms, and banks have already fallen victim to this malware.

Impact on Organizations

The infiltration of VietCredCare into organizational networks can lead to reputational and financial damages. Unauthorized access to Facebook accounts can result in the dissemination of misinformation or fraudulent activities, undermining trust and credibility.

Comparison with Other Stealer Malware

VietCredCare joins a growing list of stealer malware originating from the Vietnamese cybercriminal ecosystem. Its emergence reflects the evolving landscape of cyber threats and the increasing accessibility of cybercrime tools to individuals with limited technical expertise.

Conclusion

The proliferation of VietCredCare underscores the importance of robust cybersecurity measures. Organizations must remain vigilant against emerging threats, implement security best practices, and collaborate with cybersecurity experts to mitigate the risk of data breaches and unauthorized access.

Also Read: Migo Malware Hits Redis Servers