New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets

Aug 01, 2023THNCryptocurrency / Malware




Cybersecurity researchers have unearthed a Python variant of the stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.


Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022.


Meta first exposed NodeStealer in May 2023, describing it as a stealer capable of harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts. While the prior samples were written in JavaScript, the latest versions are coded in Python.


"NodeStealer poses great risk for both individuals and organizations," Unit 42 researcher Lior Rochberger said. "Besides the direct impact on Facebook business accounts, which is mainly financial, the malware also steals credentials from browsers, which can be used for further attacks."


The attacks start with bogus messages on Facebook that purport to offer free "professional" budget tracking Microsoft Excel and Google Sheets templates, tricking victims into downloading a ZIP archive file hosted on Google Drive.



The ZIP file embeds within it the stealer executable that, besides capturing Facebook business account information, is designed to download additional malware such as