
Phishing Messages: MrTonyScam: How criminals are using hacked Facebook accounts to dupe thousands

Facebook allows users to send messages. According to a report by Guardio Labs (seen by Bleeping Computer), researchers warn that hackers are now using a widespread network of fake and hacked Facebook accounts to send phishing messages. Through these messages, cyber criminals are trying to trick people into installing password-stealing malware.
How hackers are targeting users
These messages contain a RAR/ZIP archive that contains a downloader for a stealthy Python-based stealer. This stealer can take cookies and passwords stored in the victim’s browser. Researchers have discovered that approximately one in seventy targeted accounts is compromised, causing massive financial losses to users. The report also includes screenshots to explain how these Facebook messages work.
First, hackers send phishing messages to Facebook business accounts. These messages either pretend to report copyright infringement or request more information about a product. The attached archive contains a batch file which, if executed, could invoke a malware dropper from GitHub repositories to avoid blocklists and narrow down specific niches.
In addition to the payload (project.py), the batch script also brings a standalone Python environment. This is essential for the information-stealing malware. The script also adds persistence by setting the stealer binary to execute at system startup. The project.py file comes with five layers of obfuscation that make it more challenging for AV engines to detect the threat.
This malware can collect cookies and login data stored on the victim’s web browser into a zip archive called ‘Document.zip’. It then sends the stolen information to the attackers through Telegram or Discord bot API.

Finally, the stealer clears all cookies from the victim’s device and logs them out of their accounts. This gives scammers enough time to hijack the newly hacked account by changing the password.
It is important to note that it takes a while for social media companies to respond to emails about hijacked accounts. This gives cyber criminals more time to misuse hacked accounts with fraudulent activities.
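The stages described above (a batch script, a standalone Python running project.py, a Document.zip archive, and traffic to the Telegram or Discord bot API) can be correlated per host, since each one alone is weak evidence. The following is an added example, not code from the Guardio report; the event schema, the threshold and all sample paths are assumptions constructed for illustration.

```python
import re

# API hosts of the two exfiltration channels the article names.
EXFIL_HOSTS = ("api.telegram.org", "discord.com")

def _is_python(e):
    return re.search(r"pythonw?\.exe$", e.get("image", ""), re.I) is not None

# One rule per stage of the chain; the event fields are a hypothetical schema.
RULES = {
    "batch_script_run": lambda e: e["type"] == "process"
        and re.search(r"\.(bat|cmd)\b", e.get("cmdline", ""), re.I) is not None,
    "python_runs_project_py": lambda e: e["type"] == "process" and _is_python(e)
        and "project.py" in e.get("cmdline", "").lower(),
    "document_zip_written": lambda e: e["type"] == "file_write" and _is_python(e)
        and e.get("path", "").lower().endswith("\\document.zip"),
    "bot_api_connection": lambda e: e["type"] == "network" and _is_python(e)
        and e.get("host", "").lower() in EXFIL_HOSTS,
}

def matched_stages(events):
    """Return the names of the rules that fired, in first-seen order."""
    hits = []
    for e in events:
        for name, rule in RULES.items():
            if name not in hits and rule(e):
                hits.append(name)
    return hits

def is_suspect(events, threshold=3):
    """Flag a host only when several stages of the chain appear together."""
    return len(matched_stages(events)) >= threshold

# Constructed sample telemetry for two hosts (not taken from the report).
INFECTED = [
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\a\Downloads\video\run.bat"'},
    {"type": "process", "image": r"C:\Users\Public\py\python.exe",
     "cmdline": r"python.exe project.py"},
    {"type": "file_write", "image": r"C:\Users\Public\py\python.exe",
     "path": r"C:\Users\a\AppData\Local\Temp\Document.zip"},
    {"type": "network", "image": r"C:\Users\Public\py\python.exe",
     "host": "api.telegram.org"},
]
BENIGN = [
    {"type": "process", "image": r"C:\Python311\python.exe",
     "cmdline": r"python.exe manage.py runserver"},
    {"type": "network", "image": r"C:\Program Files\Telegram\Telegram.exe",
     "host": "api.telegram.org"},
]
```

The benign host shows why the rules bind the file and network stages to a Python interpreter: a desktop Telegram client reaching the same API host does not fire.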
The scale of the hacking campaign discovered by Guardio Labs is worrying because it is widespread and affecting many areas. According to the report, about 100,000 phishing messages were sent every week, mainly to Facebook users in North America, Europe, Australia, Japan, and Southeast Asia.
The report also said that about 7% of all business accounts on Facebook have been targeted, and that the malicious archive was downloaded by 0.4% of accounts. However, to get infected with malware, users still have to execute the batch file.
Guardio also blamed Vietnamese hackers for the campaign. Researchers discovered strings in the malware that reference the “Coc Coc” web browser, which is popular in Vietnam.

