A cyber attack campaign determined to originate from Vietnam is targeting countries including India, China, South Korea, Bangladesh, Pakistan, Indonesia and even Vietnam. Hackers use viruses and spyware to steal victims' credentials, financial data, and social media accounts, including business and advertising accounts.
Experts said that hackers have mobilized many different virus strains in the attack campaign. In particular, RotBot (a customized variant of the Quasar RAT virus) is responsible for controlling the victim's computer, while XClient malware steals social network accounts such as Facebook, Tiktok, Youtube, Instagram, and takes screenshots. follow the victim. To steal business and advertising accounts and increase earning potential, hackers use different virus strains such as Ducktail, NodeStealer and VietCredCare.
The malicious code has Vietnamese content
All stolen data is compiled into a zip file and sent via the hacker's Telegram channel. Virus analysis results as well as investigation from the hacker's Telegram channel show that much content is in Vietnamese.
Bkav experts said that it is likely that the attackers used many tricks to trick users into downloading these files via email, links or files sent via chat applications. Therefore, users need to be vigilant, do not open any strange, unauthenticated files sent from email, and do not immediately trust messages or links of unknown origin, even if they are sent from a known person. . Besides, it is important to install a strong enough anti-virus software for permanent protection.