A new piece of malware named Snake, discovered by Cybereason, is being distributed through messages on Facebook. This infostealer, written in Python, is designed to steal confidential data from users. The stolen data is then transmitted to various platforms, including Discord, GitHub, and Telegram. The malicious campaign initially surfaced on the social network X in August 2023; in the attacks, potential victims are sent RAR or ZIP archives that, upon opening, initiate the infection process.
The infection process involves two stages, a Batch script and a CMD script, with the CMD script responsible for downloading and executing a malicious program from the attacker's repository on GitLab. Cybereason researchers have identified three different variants of the malware, one being an executable file created using PyInstaller. This infostealer targets data from various web browsers, including the Vietnamese browser Cốc Cốc, suggesting a focus on the Vietnamese audience.
The collected data, which includes account information and cookies, is then exported in the form of a ZIP archive through a Telegram bot. The malware also aims to steal Facebook cookie information, hinting at the cybercriminals' intention to hijack accounts for their own gain. The connection to Vietnam is further highlighted by the naming of the repositories on GitHub and GitLab and by references to the Vietnamese language in the source code, alongside the targeting of the Cốc Cốc browser used by the Vietnamese community.
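One way to hunt for the behaviour described above on endpoint telemetry, as an added example that is not taken from Cybereason's report: flag any non-browser process that reads a browser cookie or login store and afterwards connects to one of the services named as exfiltration channels. The event tuple layout, the Cốc Cốc profile path and process name, the host names and all sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Cookie and login stores of Chromium-family browsers. The Cốc Cốc profile
# directory (CocCoc\Browser\User Data) and process name are assumptions.
STORE_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|CocCoc\\Browser)\\User Data\\[^\\]+"
    r"\\(Network\\Cookies|Cookies|Login Data)$", re.IGNORECASE)
BROWSERS = {"chrome.exe", "msedge.exe", "browser.exe"}
# Services the article names as destinations; exact host names are assumed.
EXFIL_HOSTS = {"api.telegram.org", "discord.com", "api.github.com"}

def find_stealer_candidates(events):
    """Flag non-browser processes that read a browser credential store and then
    reach an EXFIL_HOSTS entry: (host, pid, image, stores_read, destination)."""
    stores = defaultdict(set)   # (host, pid) -> store paths read so far
    hits = {}
    for ts, host, pid, image, kind, target in sorted(events):
        exe = image.rsplit("\\", 1)[-1].lower()
        if exe in BROWSERS:
            continue            # a browser touching its own profile is normal
        key = (host, pid)
        if kind == "file_read" and STORE_RE.search(target):
            stores[key].add(target.lower())
        elif kind == "net_connect" and target.lower() in EXFIL_HOSTS:
            # Only alert when the read came first; report the first match.
            if stores[key] and key not in hits:
                hits[key] = (host, pid, exe, len(stores[key]), target.lower())
    return sorted(hits.values())

# Constructed telemetry: (ts, host, pid, image, event type, target).
LOCAL = r"C:\Users\an\AppData\Local"
SAMPLE_EVENTS = [
    (1, "ws1", 4120, LOCAL + r"\Temp\project.exe", "file_read",
     LOCAL + r"\CocCoc\Browser\User Data\Default\Network\Cookies"),
    (2, "ws1", 4120, LOCAL + r"\Temp\project.exe", "file_read",
     LOCAL + r"\Google\Chrome\User Data\Default\Login Data"),
    (3, "ws1", 4120, LOCAL + r"\Temp\project.exe", "net_connect", "api.telegram.org"),
    (4, "ws1", 880, LOCAL + r"\CocCoc\Browser\Application\browser.exe", "file_read",
     LOCAL + r"\CocCoc\Browser\User Data\Default\Network\Cookies"),
    (5, "ws1", 880, LOCAL + r"\CocCoc\Browser\Application\browser.exe", "net_connect", "discord.com"),
    (6, "ws2", 77, r"C:\Tools\notify.exe", "net_connect", "api.telegram.org"),
    (7, "ws2", 77, r"C:\Tools\notify.exe", "file_read",
     LOCAL + r"\Microsoft\Edge\User Data\Default\Cookies"),
]

if __name__ == "__main__":
    for hit in find_stealer_candidates(SAMPLE_EVENTS):
        print(hit)
```

Legitimate tools that talk to Telegram, Discord or GitHub will also make such connections, so the rule keys on the preceding credential-store read rather than on the destination alone.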