Codenamed VietCredCare by the Group-IB researchers who discovered it, the info stealer has claimed victims in 44 of Vietnam’s 63 provinces, with the highest concentration of compromised devices located in Hanoi (51% of victims), Ho Chi Minh City (33%) and Da Nang (3%). Other casualties include:

    • 9 Vietnamese government agencies
    • the National Public Service Portals of 12 cities/provinces
    • 65 universities
    • 4 e-commerce platforms
    • 21 banks
    • 12 major Vietnamese enterprises

VietCredCare’s features include:

    • adding itself to the exclusion list of Windows Defender and disabling the Windows Antimalware Scan Interface
    • the ability to identify business accounts that have a positive Meta ad credit balance and are also running live advertisements
    • the ability to identify the folder path with browser profiles in order to exfiltrate cookies and login data
    • exfiltration of data from Chrome, Chromium, MS Edge, and the Cốc Cốc browser. Login credentials and cookie data are sent to the malware’s operators in their bespoke Telegram bot channel in two separate .txt files. A message outlining whether the user is advertising on Facebook is also provided.
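
The browser-data theft described above can be hunted for by flagging any process other than the browser itself that opens a saved-login or cookie store. The sketch below is an added example, not code from Group-IB or the malware; the event fields (`image`, `target`), the sample events, the default profile paths and the expected executable names are assumptions to adapt to your own file-access telemetry.

```python
import ntpath

# Default profile roots (lower-cased) and the executable expected to open them.
# Assumed install defaults; adjust for portable or enterprise deployments.
PROFILE_ROOTS = {
    "\\google\\chrome\\user data\\": {"chrome.exe"},
    "\\chromium\\user data\\": {"chrome.exe"},
    "\\microsoft\\edge\\user data\\": {"msedge.exe"},
    "\\coccoc\\browser\\user data\\": {"browser.exe"},
}
# Chromium-family files that hold saved logins and cookies.
SENSITIVE_FILES = {"login data", "cookies"}


def flag_foreign_readers(events):
    """Return (image, target) pairs where a non-browser process opened a credential store."""
    hits = []
    for ev in events:
        target = ev["target"].lower()
        if ntpath.basename(target) not in SENSITIVE_FILES:
            continue
        for root, owners in PROFILE_ROOTS.items():
            # Name matching is a coarse filter; pair it with image path or signer checks.
            if root in target and ntpath.basename(ev["image"]).lower() not in owners:
                hits.append((ev["image"], ev["target"]))
                break
    return hits


# Constructed sample telemetry (hypothetical, not taken from the report).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\an\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Users\an\Downloads\invoice_viewer.exe",
     "target": r"C:\Users\an\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": r"C:\Users\an\Downloads\invoice_viewer.exe",
     "target": r"C:\Users\an\AppData\Local\CocCoc\Browser\User Data\Default\Login Data"},
    {"image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "target": r"C:\Users\an\AppData\Local\Microsoft\Edge\User Data\Profile 1\History"},
]

if __name__ == "__main__":
    for image, target in flag_foreign_readers(SAMPLE_EVENTS):
        print(f"ALERT {image} -> {target}")
```

A single process touching the stores of several browsers in quick succession, as the constructed `invoice_viewer.exe` does here, is a stronger signal than any one hit.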