Threat actors were seen exploiting paid Facebook promotions to disseminate malicious code, aiming to deploy a harmful browser add-on for credential theft. Going by the keywords and variables noticed within the malicious script, researchers believe that Vietnamese threat actors could be behind the attack. To prevent falling victim to the ongoing attack campaign, Facebook users are advised to exercise caution when interacting with advertisements.