Vietnamese operation uses Google AppSheet for Facebook phishing, targets 30,000 accounts

As detailed in The Hacker News, a sophisticated phishing operation linked to Vietnamese threat actors has been discovered leveraging Google AppSheet as a relay to distribute malicious emails aimed at compromising Facebook accounts. This operation, codenamed AccountDumpling by Guardio, has reportedly led to the hacking of approximately 30,000 Facebook accounts.

The AccountDumpling campaign targets Facebook Business account owners with emails impersonating Meta Support, creating a false sense of urgency to prompt users to click on links leading to fake credential harvesting pages. These phishing emails are sent from a legitimate Google AppSheet address, allowing them to bypass spam filters. The operation employs various lures, including account disablement, copyright complaints, and fake job offers, to trick victims. Data collected includes credentials, two-factor authentication codes, personal information, and government ID photos, often exfiltrated to Telegram channels.

Evidence, including metadata from generated PDFs, points to a Vietnamese individual named PHẠM TÀI TÂN as being behind the operation. The stolen accounts are then sold on illicit marketplaces, highlighting a growing trend of trusted platforms being repurposed for malicious activities and the commercialization of compromised digital assets.

Source: The Hacker News