VietCredCare Stealer Targets Victims in Vietnam

Since at least August 2022, advertisers on Facebook in Vietnam have been targeted by an unknown information-stealing malware known as VietCredCare. This malicious software is noteworthy for its automatic filtering of Facebook session cookies and stolen credentials from compromised devices. It evaluates whether the targeted accounts manage business profiles and maintain a positive Meta ad credit balance, according to a report from Singapore-based Group-IB.

The primary objective of this widespread malware distribution is to take over corporate Facebook accounts, focusing on Vietnamese individuals responsible for managing profiles of prominent businesses and organizations. Once successfully seized, these compromised accounts are utilized by threat actors to post political content or propagate phishing and affiliate scams for financial gain.

VietCredCare Sold as a Malware Service

VietCredCare operates under a stealer-as-a-service model and is advertised on platforms such as Facebook, YouTube, and Telegram. It is believed to be managed by individuals who speak Vietnamese. Potential customers can either purchase access to a botnet managed by the malware's developers or acquire the source code for resale or personal use. Additionally, customers are provided with a customized Telegram bot to handle the exfiltration and delivery of credentials from infected devices.

Distributed through links on fake sites in social media posts and instant messaging platforms, the .NET-based malware disguises itself as legitimate software like Microsoft Office or Acrobat Reader to deceive users into installing it. A key feature of VietCredCare is its capability to extract credentials, cookies, and session IDs from web browsers like Google Chrome, Microsoft Edge, and Cốc Cốc, emphasizing its focus on Vietnamese targets.

The malware can also retrieve a victim's IP address, determine if a Facebook account is a business profile, and assess whether the account is currently managing any ads. To avoid detection, it takes measures such as disabling the Windows Antimalware Scan Interface (AMSI) and adding itself to the exclusion list of Windows Defender Antivirus. Numerous credentials from government agencies, universities, e-commerce platforms, banks, and Vietnamese companies have been compromised through this stealer malware.

By Zaib
February 21, 2024
Computer Security
English
February 21, 2024
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Computer Security

Statc Stealer Targets Windows Systems

A recently discovered strain of malicious software called Statc Stealer has been identified as infecting computers operating on the Microsoft Windows system. This malware specializes in extracting sensitive personal... Read more

August 11, 2023
Malware

Growtopia Stealer Scrapes Info from Victims

Growtopia stealer is the name of a malicious tool distributed online and coded and compiled using the C# language. The file is disguised as an automatic farming tool for the online game Growtopia and is even named... Read more

May 19, 2022
Computer Security

EMPTYSPACE Downloader Targets Italian Victims

UNC4990, a financially motivated threat actor, is utilizing weaponized USB devices as an initial means of infecting organizations in Italy. According to a report from Mandiant, a security company which Google acquired... Read more

February 1, 2024
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.