A new cyber threat, VietCredCare, is causing concern in Vietnam, particularly amongst those who manage business profiles on popular social networking platforms. The advanced malware has been detected by the dedicated High-Tech Crime Investigation team from cyber security global leader, Group-IB. Since August 2022, VietCredCare has been actively targeting Vietnamese users, stealing session cookies and credentials, with particular attention given to accounts with positive Meta ad credit balances.

According to Group-IB, the malware is not merely a tool for information theft; it is also designed to usurp business accounts on Facebook and use them for political content dissemination or financial misconduct. This includes activities such as phishing, selling stolen credentials, and other sophisticated financial crimes. Due to these capabilities, the impact of VietCredCare has been widely felt across Vietnam, extending throughout 44 different provinces, with a notable presence in larger urban areas such as Hanoi, Ho Chi Minh City, and Da Nang.

Worryingly, VietCredCare is promoted and available as a Stealer-as-a-Service, which makes this advanced malware accessible to cyber criminals seeking to exploit stolen data. Group-IB's findings indicate that the malware has compromised crucial sectors' credentials, with data breaches detected in government agencies, significant enterprises, universities, e-commerce platforms, and banks.

In response to this growing threat, Group-IB has taken proactive steps, alerting the affected entities and collaborating with Vietnamese law enforcement to confront and mitigate this cyber threat. The levels of digital safety and business security involved hold serious implications, not only for the citizens of Vietnam but also for the region as a whole.

The cyber-attacks indicate a continuously evolving danger in the cyber landscape, causing experts to call for increased security awareness. Cybercriminals leveraged the malware in sophisticated phishing attacks to coax internet users into inadvertently downloading and opening VietCredCare onto their devices. This led to an exfiltration of metacognitive data from Chrome, Chromium, MS Edge, and more, which was then sent to the malware's operators.

VietCredCare operates entirely under a Stealer-as-a-Service model, advertised not only on the dark web but also on social media outlets such as Facebook and YouTube. Cybercriminals can either enlist the malware's developers for botnet management or gain access to the source code for personal use or resale. The malware is managed using a unique Telegram bot, which is accountable for managing the exfiltration and delivery of stolen device credentials.

Group-IB's Head of the High-Tech Crime Investigation Department, APAC, Vesta Matveeva, has urgently advised people to enable two-factor authentication on their social media accounts and refrain from clicking on untrusted links. "VietCredCare," states Matveeva, "Puts organisations in both the public and private sectors at risk of reputational and financial damages if their sensitive accounts are compromised."

In an effort to curtail cybercrime and tackle these complex digital threats, Group-IB remains committed to strengthening cybersecurity technologies and supporting businesses, citizens, and law enforcement efforts worldwide.