Massive Facebook Messenger Phishing Campaign

September 12, 2023

A significant Facebook Messenger phishing campaign is on the rise, targeting approximately 100,000 business accounts per week. Cybercriminals utilize a vast network of fake and compromised Facebook profiles to dispatch millions of phishing messages through Messenger.

These messages trick victims into downloading RAR/ZIP archives containing an evasive Python-based stealer that harvests cookies and passwords stored in web browsers. Guardio Labs’ recent report indicates that about one in seventy targeted accounts ultimately falls victim, resulting in substantial financial losses for businesses.

The attackers initiate this Facebook Messenger phishing campaign by sending deceptive messages to Facebook business accounts, often masquerading as copyright violations or inquiries about products.

These messages contain archives housing batch files that, when executed, retrieve from GitHub repositories a malware dropper designed to evade detection and minimize traces. The malware collects the victim’s cookies and login data and packages them into a ZIP archive, which is sent to the attackers via the Telegram or Discord bot API.

To maintain control, the stealer wipes all cookies from the victim’s device, forcing logouts and granting scammers the opportunity to hijack compromised accounts by changing passwords.
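For defenders, the chain described above (a script interpreter fetching from GitHub, then a script process contacting a Telegram or Discord bot API) can be hunted in endpoint network telemetry. The following is an added example, not code from this page or from Guardio Labs; the event layout, process list, hostnames and 15-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (host, ISO time, process, destination host).
SAMPLE_EVENTS = [
    ("WS-01", "2023-09-12T10:00:05", "cmd.exe", "github.com"),
    ("WS-01", "2023-09-12T10:00:09", "cmd.exe", "raw.githubusercontent.com"),
    ("WS-01", "2023-09-12T10:01:30", "python.exe", "api.telegram.org"),
    ("WS-02", "2023-09-12T11:00:00", "chrome.exe", "github.com"),
    ("WS-02", "2023-09-12T11:00:20", "chrome.exe", "discord.com"),
    ("WS-03", "2023-09-12T12:00:00", "powershell.exe", "discord.com"),
    ("WS-04", "2023-09-12T09:00:00", "cmd.exe", "github.com"),
    ("WS-04", "2023-09-12T13:30:00", "python.exe", "api.telegram.org"),
]

# Assumed lists; tune them to the environment being monitored.
SCRIPT_PROCS = {"cmd.exe", "powershell.exe", "python.exe", "pythonw.exe"}
STAGING_HOSTS = {"github.com", "raw.githubusercontent.com"}
BOT_API_HOSTS = {"api.telegram.org", "discord.com"}


def triage(events, window=timedelta(minutes=15)):
    """Map each host to a verdict.

    "download-then-bot-api": a script process fetched from GitHub and a
    script process then reached a bot API within `window` (high priority).
    "bot-api-only": a script process reached a bot API with no recent
    GitHub fetch (lower confidence, still worth a look).
    """
    last_stage, verdicts = {}, {}
    # ISO-8601 timestamps in one format sort correctly as strings.
    for host, ts, proc, dest in sorted(events, key=lambda e: e[1]):
        if proc.lower() not in SCRIPT_PROCS:
            continue  # browsers reach these hosts legitimately
        when = datetime.fromisoformat(ts)
        if dest in STAGING_HOSTS:
            last_stage[host] = when
        elif dest in BOT_API_HOSTS:
            staged = last_stage.get(host)
            if staged is not None and when - staged <= window:
                verdicts[host] = "download-then-bot-api"
            else:
                verdicts.setdefault(host, "bot-api-only")
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```

Hosts flagged here also warrant a session reset for any Facebook business accounts used on them, since the stealer takes browser cookies as well as passwords.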

While the attack chain may not be novel, the scale of this campaign is highly concerning. Guardio Labs reports around 100,000 phishing messages sent each week, with targets mainly located in North America, Europe, Australia, Japan, and Southeast Asia. Approximately 7% of all Facebook business accounts have been targeted, and 0.4% have downloaded the malicious archive.

Guardio Labs attributes this campaign to Vietnamese hackers due to certain strings in the malware and the use of the “Coc Coc” web browser, which is popular in Vietnam.

This campaign highlights the ongoing threat posed by cybercriminals targeting Facebook with large-scale operations, often monetizing stolen accounts through resale on platforms like Telegram and the dark web.

References:
  • Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
  • “MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts