Discovered a huge network of appropriating bank accounts, Facebook, Gmail... in Vietnam


Multiple account types, from bank accounts to website management accounts.

Tracking the crime

Recently, in the process of enhancing the security of the company's system, a group of security experts from the Information Security Department under VCCorp accidentally discovered and tracked down a large-scale information theft ring in Vietnam. By exploiting web browsers, this group of hackers got their hands on many account information belonging to the systems of many large organizations.

Specifically, on June 21, when detecting unusual signs in an administrator account on a familiar website, a team of security experts immediately began investigating the cause. After implementing many professional measures, they determined that the account information had been stolen from this employee's personal computer, by a malware in the form of an extension on the Chrome browser.

Malicious extensions masquerading as Internet Download Manager have been around for quite some time on the Chrome Web Store.

Note: the author of this extension has been confirmed to be fake, the purpose is currently being clarified.

Unprecedented amount of stolen information

Notably, this extension imitates the IDM extension (Internet Download Manager), which is very popular in Vietnam and works on the two leading browsers there, Google Chrome and Coc Coc. Although this form of fraud is not new, the sophistication and professionalism of the operation, together with the fact that the victims were Vietnamese, led the experts to keep following the very faint traces. What they found genuinely surprised the whole group, even though they were used to the eventful world of cyber security.

Hackers have taken over a large number of electronic accounts, including Vietcombank accounts.

According to preliminary statistics, this hacker group has stolen login information (username/password) for about 55,000 Facebook accounts, 6,000 Google accounts and 5,000 Yahoo accounts and, most alarmingly, more than 5 million cookies from popular sites such as Facebook, Gmail, Yahoo Mail, Hotmail and even PayPal. Because the hacker group holds session cookies, even a user who carefully enables two-factor (2-layer) security can still, unfortunately, have the account completely taken over.

Many bank customers are also victims of hackers.

The experts also noted that this malware has existed for quite a long time without being "caught" and blocked by antivirus software, because of its cunning infection method. Users can "accidentally" be infected in two main ways:

1. Infection through the distribution of pirated software (crack):

When a user downloads pirated software from such a website (uploaded by the hackers), the crack package includes a file that performs the following tasks: close the browser (Chrome/Coc Coc) if it is running, connect to the page hosting the extension, and finally download the extension and install it on the victim's computer.

2. Curiosity-baiting links:

Earlier, by getting around the store's rules, the hackers managed to upload up to 11 different versions of this fake extension to the Chrome Web Store. They then spread many curiosity-baiting links; after clicking one, the victim is invited to install a "plugin" (to view the content, to browse faster, etc.). Since the extension is listed on the official Chrome Web Store, most users accept the installation.

How did the hackers upload 11 different versions of this malicious extension and bypass so many security checks? Because of the limited scope of this article, we will give readers the details in the next one. Returning to the incident: once installed, the extension steals the victim's login information on any website they visit, collects all of the user's cookies, and sends them to the hacker's server.

Therefore, readers should take the following steps immediately, especially if they recognize either of the two infection methods above in their own behavior:

- Check extensions in your computer browser.

- If any extension shows suspicious signs, such as requesting permissions it does not need, delete it immediately.

- Change all passwords on all your electronic accounts.
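The first two steps above can be automated. The script below is an added example written for this article, not tooling from VCCorp, Genk.vn or the extension's authors: it walks a browser profile's Extensions folder, reads each extension's manifest.json, and flags the permission profile described in the article (cookie access plus host access to every site, content scripts injected into every page, a name that imitates Internet Download Manager). The function names, the watch-list of impersonated product names and the profile paths are assumptions; Chrome's own layout is `Extensions/<extension id>/<version>/manifest.json`, and the Coc Coc path follows the same layout under its own folder.

```python
"""Audit Chrome / Coc Coc extension manifests for the permission profile of a
credential- and cookie-stealing extension.  Added example for this article; the
function names, the watch-list of product names and the profile paths are
assumptions, not tooling from VCCorp or the article."""
import json
import os
from pathlib import Path

# Permissions that let an extension read every site's cookies or observe
# every page and request: what a stealer needs, what a download helper does not.
HIGH_RISK_PERMISSIONS = {
    "cookies", "webRequest", "webRequestBlocking", "tabs", "history",
    "debugger", "nativeMessaging",
}
# Host patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> list:
    """Return human-readable findings for one manifest; empty means nothing risky."""
    findings = []
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    # Manifest V3 lists host patterns separately; V2 mixes them into "permissions".
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if p in BROAD_HOSTS or "://" in p}
    broad = bool(hosts & BROAD_HOSTS)

    for perm in sorted(perms & HIGH_RISK_PERMISSIONS):
        findings.append(f"requests high-risk permission: {perm}")
    if broad:
        findings.append("has host access to every site")
    if "cookies" in perms and broad:
        findings.append("can read cookies for every site (session theft, bypasses 2FA)")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            findings.append("injects a content script into every page (can capture typed credentials)")
            break
    # Constructed watch-list: the product the article says was impersonated.
    name = str(manifest.get("name", "")).lower()
    tokens = set(name.replace("-", " ").split())
    if "internet download manager" in name or "idm" in tokens:
        findings.append("name matches a commonly impersonated product; verify the publisher")
    return findings


def default_extension_dirs() -> list:
    """Well-known per-profile Extensions folders (assumed; adjust for other profiles)."""
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
    return [
        local / "Google" / "Chrome" / "User Data" / "Default" / "Extensions",
        local / "CocCoc" / "Browser" / "User Data" / "Default" / "Extensions",
        home / "Library" / "Application Support" / "Google" / "Chrome" / "Default" / "Extensions",
        home / ".config" / "google-chrome" / "Default" / "Extensions",
    ]


def scan_extensions_dir(root) -> dict:
    """Audit every <root>/<extension id>/<version>/manifest.json; keep only flagged ones."""
    report = {}
    for manifest_path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue
        findings = audit_manifest(manifest)
        if findings:
            ext_id, version = manifest_path.parts[-3], manifest_path.parts[-2]
            # Names like __MSG_appName__ are localized; resolve them via _locales/.
            report[ext_id] = (manifest.get("name", "?"), version, findings)
    return report


if __name__ == "__main__":
    for root in default_extension_dirs():
        if root.is_dir():
            for ext_id, (name, version, findings) in scan_extensions_dir(root).items():
                print(f"{ext_id} {name!r} v{version}")
                for finding in findings:
                    print(f"   - {finding}")
```

A flagged extension is not proof of theft; a password manager legitimately needs broad host access. The point is to surface the combination the article describes (cookies for every site plus scripts in every page, under a familiar product name) so the user can look up the publisher before deciding to remove it, and to change passwords afterwards as the third step says, since stolen cookies stay valid until the sessions are invalidated.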

Along with checking your computer, readers should actively share this information with people around them, especially those who have little knowledge about technology. Do not let bad guys steal people's information, or take advantage of it for more dangerous purposes.

According to Genk.vn
