The CoralRaider group has been targeting victims in India, China, South Korea, Bangladesh, Pakistan, Indonesia, and Vietnam since May 2023, said Cisco Talos, a unit of U.S. technology giant Cisco.
This group focuses on stealing victims' credentials, financial data, and social media accounts, including business and advertisement accounts, the researchers said in a report on The Hacker News.
The hackers used Telegram to exfiltrate the stolen information from victims' machines; the data is then traded in underground markets to generate illicit revenue.
CoralRaider's operators are likely based in Vietnam: their language preference is Vietnamese and their code includes Vietnamese words.
They siphon data from victims' Facebook, Instagram, TikTok and YouTube accounts, gathering details about the payment methods and permissions associated with their business and advertising accounts.
They use Facebook accounts to mimic popular AI tools from Google, OpenAI, and Midjourney and run ads with them to lure in victims. One such account had 1.2 million followers before it was taken down in March 2023.