Guardians of the Digital Realm are Battling the Facebook Messenger Phishing Menace

Gather around, ladies and gentlemen, as we enter the wild world of cyber warfare, where hackers are running wild through the digital alleyways of Facebook Messenger. If you grew up watching superhero or vigilante movies where someone saves the world in secret, you lowkey expected to meet one someday, right? Well, this might be your chance.

It's a tale of duplicity, compromised accounts, and a devious Python-based thief so cunning it makes a cat burglar look inept. Brace yourself, because we're about to delve into a cyber drama that's wreaking havoc on corporate accounts at an alarming rate.

The Phantom Network of Phishing

Consider this: an extensive network of bogus and compromised Facebook profiles, all at the disposal of malicious hackers. These cybercriminals are on a mission, and the Messenger phishing message is their weapon of choice. They're sending millions of these cleverly disguised messages, all aimed at Facebook business accounts. What is their ultimate goal, you may wonder? To get password-stealing malware onto your machine. Yes, you read that correctly; they want your digital keys.

The Bait and the Hook

Now, how do these hackers reel in their unsuspecting victims? It's all about the bait. They masquerade as copyright enforcers or as customers inquiring about a product. Imagine someone knocking on your virtual door, claiming you've violated copyright or asking about a product, and you let them in. That's essentially what's happening here. And with that Messenger message comes a little gift – a RAR/ZIP archive.

Hidden inside this digital Trojan horse is a downloader that fetches an evasive Python-based stealer. Once it runs on your system, it acts like a silent ninja, harvesting the cookies and saved passwords from your browser. It's a cunning digital theft, and you're none the wiser.

The Layers of Stealth

The Python-based stealer, affectionately named "project.py," is not your run-of-the-mill malware. It's like a Russian nesting doll of obfuscation, wrapped in not one, not two, but five layers of digital camouflage. It's crafty enough that even sophisticated antivirus engines struggle to catch this slippery character.
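What does "five layers" mean for the analyst who has the sample on disk? Usually that the real code is hidden inside a chain of exec(decode(...)) wrappers, and the job is to unwrap them without ever running the malware. The script below is an added example, not code from the page or from Guardio, and it does not claim to match how project.py is actually packed (the page does not say what the layers are). It assumes the common exec(zlib.decompress(base64.b64decode(...))) pattern, builds a harmless five-layer sample inline, and peels it statically with the ast module, evaluating only a fixed set of pure decoders.

```python
"""Statically peel nested exec(decode(...)) layers from a Python sample.

Added example, not from the page or from Guardio. The page says only that
project.py hides behind five obfuscation layers; this assumes the common
exec(zlib.decompress(base64.b64decode(...))) wrapping and decodes each layer
with the ast module instead of executing it.
"""
import ast
import base64
import bz2
import lzma
import zlib

# (module, function) -> decoder. Only these pure decoders are ever evaluated;
# nothing is exec'd, so an unknown layer stops the peeler instead of running code.
DECODERS = {
    ("base64", "b64decode"): base64.b64decode,
    ("base64", "b32decode"): base64.b32decode,
    ("base64", "b16decode"): base64.b16decode,
    ("zlib", "decompress"): zlib.decompress,
    ("bz2", "decompress"): bz2.decompress,
    ("lzma", "decompress"): lzma.decompress,
}


def _decode_chain(node):
    """Evaluate nested decoder calls down to a literal; return bytes or None."""
    ops = []
    while isinstance(node, ast.Call):
        func = node.func
        if not (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)):
            return None
        key = (func.value.id, func.attr)
        if key not in DECODERS or len(node.args) != 1 or node.keywords:
            return None
        ops.append(DECODERS[key])
        node = node.args[0]
    if not isinstance(node, ast.Constant) or not isinstance(node.value, (str, bytes)):
        return None
    data = node.value if isinstance(node.value, bytes) else node.value.encode()
    for decode in reversed(ops):  # innermost decoder runs first
        data = decode(data)
    return data


def peel_once(src):
    """Return the source hidden in the first exec(decode(...)) call, or None."""
    for node in ast.walk(ast.parse(src)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "exec" and node.args):
            payload = _decode_chain(node.args[0])
            if payload is not None:
                return payload.decode("utf-8", errors="replace")
    return None


def peel(src, max_layers=50):
    """Peel until plain code remains; returns (innermost_source, layer_count)."""
    layers = 0
    while layers < max_layers:
        inner = peel_once(src)
        if inner is None:
            break
        src, layers = inner, layers + 1
    return src, layers


# Constructed sample: a harmless stand-in for a stealer's innermost stage,
# wrapped five times the way such scripts commonly are. Not the real project.py.
INNER_STAGE = (
    "EXFIL = 'https://api.telegram.org/bot<token>/sendDocument'  # placeholder\n"
    "ARCHIVE = 'Document.zip'\n"
)


def wrap(src, layers):
    """Apply base64+zlib exec wrapping `layers` times (used only to build the sample)."""
    for _ in range(layers):
        blob = base64.b64encode(zlib.compress(src.encode())).decode()
        src = f"import base64, zlib\nexec(zlib.decompress(base64.b64decode({blob!r})))\n"
    return src


SAMPLE = wrap(INNER_STAGE, 5)

if __name__ == "__main__":
    code, depth = peel(SAMPLE)
    print(f"peeled {depth} layers:\n{code}")
```

Because the peeler refuses anything that is not a literal fed through a known decoder, a layer that instead uses exec(open(...).read()), marshal, or a runtime-built key stops the loop and leaves that stage for manual work, which is the safe failure mode when the sample is real malware.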

Once inside your system, this malware grabs your browser's cookies and saved login information. It's like a virtual pantry raid, only it takes your digital breadcrumbs instead of treats. All this stolen data is bundled into a ZIP archive called 'Document.zip' and sent to the attackers through the Telegram or Discord bot API.
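Exfiltration over the Telegram or Discord bot API is also the defender's best chance to notice the theft, since both ride ordinary HTTPS to well-known hosts and leave a distinctive URL in the proxy log. The scanner below is an added example, not part of the page or of Guardio's report. It assumes a simplified proxy log format (timestamp, client, method, URL, status, bytes sent) and constructed sample lines with fake tokens; it flags Telegram Bot API file-upload methods and large POSTs to Discord webhooks, and redacts the bot token so the finding can be pasted into a ticket.

```python
"""Flag Telegram/Discord bot-API exfiltration in web-proxy logs.

Added example, not from the page or from Guardio. Assumes a simple proxy log
format (ts client method url status bytes_out); the sample lines and tokens
below are constructed and not real traffic.
"""
import re
from dataclasses import dataclass

# Telegram Bot API calls look like https://api.telegram.org/bot<TOKEN>/<method>;
# these methods carry a file upload.
TELEGRAM_BOT = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<token>\d+:[\w-]+)/(?P<method>[A-Za-z]+)"
)
TELEGRAM_UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}

# Discord webhooks look like https://discord.com/api/webhooks/<id>/<token>
DISCORD_WEBHOOK = re.compile(
    r"^https?://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/(?P<id>\d+)/(?P<token>[\w-]+)"
)


@dataclass
class Finding:
    ts: str
    client: str
    channel: str        # "telegram" or "discord"
    bytes_out: int
    redacted_url: str   # token removed, safe to share


def inspect_line(line, min_bytes=32 * 1024):
    """Return a Finding for a suspicious upload on this line, else None."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, _status, bytes_out = parts
    if method != "POST":
        return None
    size = int(bytes_out)

    m = TELEGRAM_BOT.match(url)
    if m and m.group("method") in TELEGRAM_UPLOAD_METHODS:
        bot_id = m.group("token").split(":")[0]
        safe = url.replace(m.group("token"), f"{bot_id}:<redacted>")
        return Finding(ts, client, "telegram", size, safe)

    m = DISCORD_WEBHOOK.match(url)
    if m and size >= min_bytes:   # webhooks are common; a size floor cuts noise
        safe = url.replace(m.group("token"), "<redacted>")
        return Finding(ts, client, "discord", size, safe)
    return None


def scan(log_text, min_bytes=32 * 1024):
    """Scan a whole log; returns Findings in log order."""
    findings = []
    for line in log_text.splitlines():
        f = inspect_line(line, min_bytes)
        if f:
            findings.append(f)
    return findings


# Constructed sample lines (not real traffic); tokens are fake.
SAMPLE_LOG = """\
2023-09-11T10:01:02Z 10.0.0.5 GET https://www.facebook.com/ 200 512
2023-09-11T10:01:09Z 10.0.0.5 POST https://api.telegram.org/bot123456789:AAExampleTokenNotReal_01/sendDocument 200 184320
2023-09-11T10:01:10Z 10.0.0.7 POST https://discord.com/api/webhooks/1122334455/ExampleWebhookToken 204 90112
2023-09-11T10:01:30Z 10.0.0.7 POST https://discord.com/api/webhooks/1122334455/ExampleWebhookToken 204 300
2023-09-11T10:02:00Z 10.0.0.9 GET https://api.telegram.org/bot111:AAA/getMe 200 120
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {f.channel} {f.bytes_out}B {f.redacted_url}")
```

A tiny POST to a Discord webhook is usually a chat integration, which is why the Discord rule carries a size floor while any Telegram sendDocument from a workstation is worth a look on its own; tune min_bytes to your environment.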

The Grand Finale: Account Hijacking

But the heist isn't over yet. The Python stealer has one last trick up its sleeve. It deletes the cookies from your browser, logging you out of your accounts. Why, you ask? Simple – to give the scammers a head start. While you're locked out, they use the stolen session cookies to take over your freshly compromised account and change its password, and you're left scratching your virtual head.

The kicker is that social media companies can take their time responding to reports of stolen accounts. It's like standing in line at the DMV, but in the digital realm. Meanwhile, the hackers have your account and are using it for fraud.

The Scale of Cyber Carnage

Now, let's talk about the sheer scale of this cyber onslaught. Guardio Labs, the digital defenders on the front lines, report a mind-boggling 100,000 phishing messages per week. It's like a digital hurricane hitting Facebook users in North America, Europe, Australia, Japan, and Southeast Asia. This isn't your run-of-the-mill phishing expedition; it's a full-blown cyberstorm.

And the figures are astounding. These hackers have targeted roughly 7% of all Facebook business accounts, with 0.4% downloading the malicious archive. How many accounts have actually been hijacked? Nobody has put a number on that yet, but it won't be small.

The Vietnamese Connection

Now, let's play detective for a moment. Who's behind this grand cyber caper? Guardio attributes the campaign to Vietnamese hackers, and they've got the breadcrumbs to back it up: strings in the malware and its targeting of the "Coc Coc" web browser, which is popular in Vietnam, both point in that direction.

And if you still need convincing, how about a small Vietnamese message? "Thu Spam lần thứ," sent to the Telegram bot along with a timer, translates to "Collect Spam for the X time." It's like finding a note in a robber's hideout that says, "Don't forget to buy milk!"

The Endless Pursuit of Cyber Wealth

Vietnamese hacker groups have been making quite a name for themselves in cybercrime. They've been monetizing their ill-gotten gains by reselling stolen accounts through Telegram or dark web markets. It's like a digital black market where your personal information is the hottest commodity.

This isn't the first rodeo in Facebook's long battle against cyber threats. In May 2023, Facebook disrupted a Vietnam-originated campaign that used a new info-stealer named 'NodeStealer.' In April 2023, Guardio Labs uncovered another Vietnamese threat actor who abused Facebook's Ads service to infect half a million users with info-stealing malware. It's a game of cat and mouse, but in the virtual realm.

In conclusion, the Facebook Messenger phishing wave is a digital rollercoaster of epic proportions. It's a heist story with a twist, where hackers leave no stone unturned in their pursuit of digital wealth. While the digital guardians do their best to keep us safe, it's a reminder that the virtual world is not without peril. So stay alert, digital citizens: the cyber battlefield is ever-changing, and hackers are always one step ahead.
