A group of hackers have made use of a Google Chrome extension to steal the sign-in details of about 66,000 Facebook, Gmail and Yahoo Mail accounts together with millions of cookies of popular sites, including Paypal, in Vietnam.
The cyberattack was uncovered just over a month after Vietnamese Internet users were hit by the WannaCry global ransomware program, Thanh Nien (Young People) newspaper reported.
WannaCry is a ransomware computer virus that targets the Microsoft Windows operating system, a global attack which was launched in May, aiming at a huge number of computer systems around the world by encrypting data stored on the computers to demand money.
The cyber-security unit of Hanoi-based Internet company VCCorp announced on Thursday its rocking discovery that the email and Internet accounts of tens of thousands of personal users in Vietnam had been stolen by hackers.
The team had noticed suspicious activities within the company’s internal network carried out from an employee’s account a few days before, according to Le Nguyen Khang, head of VCCorp’s cybersecurity unit.
They later found that the account had been taken over by hackers, suggesting a serious security breach.
An intensive investigation then revealed that a huge amount of account details had been stolen from the employee’s personal computer via a malware program disguised as an Internet Download Manager extension on the Google Chrome browser.
As both the browser and download accelerator are popular with Vietnamese Internet users, the discovery could mean that hundreds of thousands of personal computers in Vietnam were faced with the same risks.
Further investigation by VCCorp experts found that the cyberattack had not been carried out by a lone hacker, but a group of professional ones.
In total, VCCorp estimated that around 55,000 Facebook accounts, 6,000 Gmail accounts, 5,000 Yahoo accounts and over five million cookies of popular sites such as Facebook, Google Mail, Yahoo Mail, Hotmail and even Paypal had been stolen by the hackers.
Email accounts of employees at Vietnam’s major banks such as Vietcombank, VietinBank, BIDV and OCB were also on the list of victims announced by VCCorp.
“Most Vietnamese users save the sign-in details of their email accounts and other important information such as banking and insurance directly on Google Chrome, which could prove disastrous once the browser is compromised,” Khang said. “We have been contacted by local banks and have provided them with the list of stolen emails so that they can alert the whole network to prevent possible risks.”
“This is a wake-up call for everybody, especially personal Internet users without much knowledge about IT or cybersecurity, to stay more alert to these risks,” said Dr. Vo Van Khang, deputy chairman of the southern branch of the Vietnam Information Security Association.
“Users are advised against installing foreign apps and extensions without any certified origin to avoid being infected with malware.”
According to Vu Ngoc Son, deputy head of the anti-malware unit at Vietnamese tech firm Bkav, regular Internet users can take simple steps to minimize the risks of having their accounts stolen by avoid clicking on suspicious-looking email attachments and web links.
Malware programs can also be spread via the piracy of computer software uploaded by hackers, Son warned.
Le Nguyen Khang, the head of VCCorp’s cybersecurity unit, advises Internet users in Vietnam to double-check the extensions installed on their browser, as well as programs and applications currently allowed access to their computer system to remove any suspicious-looking ones.
Further caution can be taken by erasing all saved passwords and forms on the browser, and change all passwords of important online services, Khang advised.