Security Affairs reports that the new Python-based information-stealing malware dubbed Snake has been distributed through malicious messages on Facebook Messenger since August.
Attacks commence with the delivery of direct messages on Messenger that lure recipients into downloading RAR or ZIP files that contain a batch script, which triggers the infection chain and the eventual deployment of the Snake infostealer, according to a Cybereason report. Aside from scouring sensitive data from several web browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, Brave, and Coc Coc Browser, the Snake infostealer has also been gathering Facebook-specific cookie details. "This behavior is likely for the Threat Actor to hijack the victim's Facebook account, potentially to expand their infection," said the report, which also associated the attack campaign with Vietnamese threat actors due to observed script comments and naming schemes, as well as the targeting of the Coc Coc Browser prevalently used in Vietnam.
