#1
#1 out of 10.00%
technology2h ago
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
- A Vietnamese-led operation used Google AppSheet as a phishing relay to harvest Facebook credentials, compromising about 30,000 accounts.
- Guardio named the operation AccountDumpling, describing a living, evolving campaign with real-time operator panels and a criminal-commercial loop.
- Phishing emails impersonate Meta support and use noreply@appsheet.com to bypass filters and direct users to credential-harvesting pages.
- Campaign clusters include Netlify-hosted pages, CAPTCHA-gated 'Security Check' pathways, and Canva-generated PDFs guiding victims to reveal passwords and 2FA codes.
- Telegram channels tied to the operation reportedly contain about 30,000 victim records with many victims in the US and other major markets.
- Security researchers linked the operation to a Vietnamese digital marketing site, PHẠM TÀI TÂN, suggesting broader ties to a Vietnamese-based cybercrime ecosystem.
- Experts highlight the operation as a broader example of using trusted platforms for delivery, hosting, and monetization in the stolen Facebook assets market.
- The operation triggered multiple lures, including fake job offers and privacy-related prompts, to build trust with targets.
- Guardio tracked four main clusters, including Netlify pages and blue-badge pages, as part of the phishing infrastructure.
- The campaign used Canva-generated PDFs hosted on Google Drive to mislead users into revealing sensitive data.
Vote 0