Facebook Businesses Targeted in Infostealer Phishing Campaign

The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.

Dark Reading Staff, Dark Reading

October 31, 2024


An unknown threat actor is targeting Facebook businesses and advertising account users in Taiwan through a phishing campaign, using decoy emails and fake PDF filenames.

These decoys are designed to impersonate a company's legal team and use falsified details to lure victims into downloading and executing malware.

In addition, the bad actors sent phishing emails purporting to come from a well-known industrial motor manufacturer and a famous online store in Taiwan, claiming copyright infringement by the business.

"The emails demand the removal of the infringing content within 24 hours, cessation of further use without written permission, and warn of potential legal action and compensation claims for non-compliance," said Cisco Talos researchers, who observed the scams in action.

They said the threat actors also use a variety of techniques and tools to evade antivirus detection and sandbox analysis, such as shellcode encryption, code obfuscation, and embedding LummaC2 and Rhadamanthys information stealers into legitimate binaries.

Lumma Stealer is malware designed to exfiltrate information from compromised systems, targeting system details, Web browsers, and browser extensions, among other data.

Rhadamanthys is a sophisticated infostealer sold on underground forums that first emerged two years ago. It gathers system information, credentials, cryptocurrency wallets, passwords, cookies, and data from other applications. 

This phishing campaign has been ongoing since at least July. Its initial vector is a malware download link included in a phishing email that uses typical decoys written in Traditional Chinese, indicating that the target victims are Chinese speakers.
