"Vietnamese Hackers Linked to 'Malverposting' Campaign"

According to security researchers at Guardio Labs, a recent "malverposting" campaign linked to a Vietnamese threat actor has been ongoing for months and is estimated to have infected over 500,000 devices worldwide in the past three months alone. The researchers define malverposting as the use of promoted social media posts and tweets to propagate malicious software and other security threats. In this case, the initial enabler for those numbers is the abuse of Facebook's Ads service as the first-stage delivery mechanism responsible for the mass propagation.

The researchers observed that the Vietnamese campaign relied on malverposting while it evolved various evasion techniques, and that it focused particularly on the USA, Canada, England, and Australia. They noted that the threat actor creates new business profiles and also hijacks real, reputable profiles, some with millions of followers. These profiles repeatedly posted malicious clickbait on Facebook feeds promising free downloads of adult-rated photo albums.

Once victims click on those posts or links, a malicious ZIP file is downloaded to their computers. Inside are what appear to be photo files but are actually masqueraded executable files that, when clicked, initiate the infection process. The executable then opens a browser popup window with a decoy website showing related content. The researchers noted that meanwhile, in the background, the stealer silently deploys, executes, and gains persistence to periodically exfiltrate the victim's session cookies, accounts, crypto-wallets, and more. The researchers clarified that they observed several variations of the latest payload, yet all shared a benign executable file to start the infection flow.
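A defender-side check for the masquerade described above, as an added example (not from Guardio Labs or the article): it lists ZIP members whose name claims a photo but whose first bytes are a Windows PE header or otherwise not an image. The image extensions, the magic-byte list and the sample archive are assumptions constructed for illustration; the article does not say how the files were disguised.

```python
import io
import zipfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp"}
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a", b"BM", b"RIFF")
PE_MAGIC = b"MZ"  # DOS/PE header at the start of Windows executables


def classify_member(name, head):
    """Return a finding for one archive member, or None if name and content agree."""
    parts = name.lower().rstrip(". ").rsplit("/", 1)[-1].split(".")
    exts = {"." + p.strip() for p in parts[1:]}  # every extension, e.g. .jpg and .exe
    final_ext = "." + parts[-1].strip() if len(parts) > 1 else ""
    if head.startswith(PE_MAGIC):
        if exts & IMAGE_EXTS:
            return "PE executable named like an image"
        return "PE executable in archive"
    if final_ext in IMAGE_EXTS and not head.startswith(IMAGE_MAGIC):
        return "image extension but content is not a known image format"
    return None


def scan_zip(data):
    """Inspect the first bytes of every member without extracting to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(16)
            reason = classify_member(info.filename, head)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample archive: harmless placeholder bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("album/photo_001.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        zf.writestr("album/photo_002.jpg.exe", b"MZ" + b"\x00" * 32)
        zf.writestr("album/photo_003.png", b"MZ" + b"\x00" * 32)
        zf.writestr("album/readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip(build_sample_zip()):
        print(f"{name}: {reason}")
```

A header check like this only catches a name/content mismatch; it says nothing about whether a genuine executable is malicious, so a hit is a reason to quarantine and analyze, not a verdict.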

 

Infosecurity reports: "Vietnamese Hackers Linked to 'Malverposting' Campaign"

Submitted by Anonymous on