Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    This new malware is going after Facebook Business accounts

    aum

    By aum,
    Published Date:

    • 236 views
    • 2 minutes
     Share
    • 236 views
    • 2 minutes

    New malware variant targets Facebook Business accounts, so be on your guard

     

    A new malware strain has been identified targeting Facebook business accounts and stealing their cryptocurrency, experts have revealed.

     

    A new report from Unit 42, the cybersecurity arm of Palo Alto Networks has identified the malware as NodeStealer, a Python variant of the malware originally written in JavaScript. 

     

    To get people to install NodeStealer, hackers were reaching out via Facebook, offering fake “professional” budget tracking Microsoft Excel and Google Sheets templates. Given that the attackers were going after business accounts, it’s no wonder that they were trying to lure people in by offering business-related tools and assistance.

     

    Idle campaign


    The “templates” were hosted on Google Drive, residing in a .ZIP archive. The archive carried the NodeStealer executable which was also capable of deploying additional malware, such as BitRAT and XWorm, as well as disabling Microsoft Defender antivirus and stealing cryptocurrencies through the MetaMask browser addon wallet. 

     

    The strain was used in a malicious campaign that started in December 2022, the researchers said, adding that it’s unlikely that the scheme is still ongoing. 

     

    NodeStealer was first spotted in May 2023 by Meta, when the company described it as a stealer that grabs cookies and passwords stored in browsers. NodeStealer was capable of compromising not just Facebook accounts, but Gmail and Outlook, too.

     

    "NodeStealer poses great risk for both individuals and organizations," Unit 42 researcher Lior Rochberger said. "Besides the direct impact on Facebook business accounts, which is mainly financial, the malware also steals credentials from browsers, which can be used for further attacks."

     

    Originally, the attackers were using Facebook business accounts to run malicious advertising campaigns on the platform, and lure the social network’s users to third-party websites where they’d incentivize them to download malware or otherwise share sensitive information.

     

    Source

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...