Vietnamese Hackers Launch Massive Facebook Phishing Attack

Desk Report

Updated on:

Vietnamese Hackers Launch Massive Facebook Phishing Attack

Vietnamese hackers launched a global Facebook phishing attack in recent months. They sent lots and lots of fake messages to people on Facebook all over the world. Can you believe it? They sent 100,000 fake messages every week!

This alarming campaign primarily targets Facebook business accounts. It employs deceptive Messenger messages disguised as copyright violations or requests for additional information.

By exploiting unsuspecting victims, the hackers have managed to monetize stolen accounts. They do it through reselling on Telegram or dark web markets.

This article will talk about a tricky attack, how it affected people, and who did it, all in detail.

Vietnamese Hackers Launch Massive Facebook Phishing Attack

Facebook Phishing Attack Spreads

A Facebook phishing attack has been spreading rapidly, targeting users around the world.

This large-scale campaign is attributed to Vietnamese hackers. It involves the distribution of phishing messages to Facebook business accounts.

The attack has had a significant impact on hijacked accounts. And it raises concerns about the scale and sophistication of such attacks.

Scale of Phishing Messages

Approximately 100,000 phishing messages are being sent per week. They target Facebook users in North America, Europe, Australia, Japan, and Southeast Asia.

This alarming scale of the phishing campaign has been observed and reported by Guardio Labs.

The messages are primarily sent to Facebook business accounts. It appears as copyright violation notifications or requests for more information.

The attached archive contains a batch file that fetches a malware dropper. This then fetches a Python environment for infostealing malware. The malware is designed with five layers of obfuscation to evade antivirus engines.

While the number of hijacked accounts remains unknown, it is believed to be significant. Vietnamese hackers are attributed to this campaign. They did similar bad things before, like taking information and doing bad stuff with Facebook ads.

The stolen accounts are monetized through reselling on Telegram or dark web markets.

The impact on victims is significant, with stolen login data and cookies used for fraudulent activities. Social media companies must be quick when people say their accounts are stolen. This helps users not lose money. It’s really important!

Related: AI Integration: Founders Reveal Future Business Impact

Related: Microsoft AI Researchers’ Massive Data Breach

Impact on Hijacked Accounts

The fraudulent activities conducted with hijacked accounts can result in significant financial losses. It happens for the compromised users.

Once the attackers gain access to the victims’ accounts, they change passwords. And they proceed to engage in various fraudulent activities.

This can include unauthorized purchases, money transfers, or even the sale of hijacked accounts on platforms. Such as Telegram or dark web markets.

Victims often suffer not only financial losses but also reputational damage. Because their accounts are used to carry out illicit activities.

Additionally, social media companies may take some time to respond to reports of hijacked accounts. It’s prolonging the period of vulnerability for the compromised users.

People and businesses need to be very careful. They should do things to keep their accounts safe from these bad attacks.

Attribution to Vietnamese Hackers

Attribution to Vietnamese Hackers

This campaign was attributed to threat actors from Vietnam. It demonstrates the utilization of various techniques to compromise Facebook business accounts and monetize stolen information.

The malware used in the attack contains strings and employs the popular Coc Coc web browser in Vietnam. Vietnamese threat groups have previously targeted Facebook. They used info-stealing malware named NodeStealer and abused the platform’s Ads service.

The stolen accounts are monetized through reselling on Telegram or dark web markets. The impact on victims is significant, as the malware collects cookies and login data from their web browsers. This is then sent to the attackers via Telegram or Discord bot API.

Attackers change passwords and engage in fraudulent activities with the hijacked accounts. Because social media companies may take time to respond to reports.

As highlighted in Guardio Labs’ report, this campaign underscores the scale and attribution to Vietnamese hackers.


In the end, the big Facebook attack by the Vietnamese hackers made many people worried and upset all around the world. It caused lots of problems for Facebook users.

The alarming scale of the campaign, with thousands of phishing messages sent out each week. It highlights the need for increased vigilance and cybersecurity measures.

The sophisticated nature of the attack is designed to evade detection and collect sensitive information. It demonstrates the attackers’ advanced capabilities.

This cyber threat poses a significant risk to individuals and businesses. It’s emphasizing the importance of staying informed and protected.

Leave a Comment