Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.
The attackers trick the targets into downloading a RAR/ZIP archive containing a downloader for an evasive Python-based stealer that grabs cookies and passwords stored in the victim’s browser.
In a new report by Guardio Labs, researchers warn that roughly one out of seventy targeted accounts is ultimately compromised, translating to massive financial losses.
Read more of this article on Bleeping Computer.