"NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads"

Threat actors are using compromised Facebook business accounts to run malicious ads that involve inappropriate images as lures to trick victims into downloading an updated version of NodeStealer malware. Clicking on the ads downloads an archive containing a malicious .exe 'Photo Album' file that drops a second executable written in .NET. According to Bitdefender, this payload steals browser cookies and passwords. Meta first disclosed NodeStealer in May 2023 as a JavaScript malware designed to facilitate the hijacking of Facebook accounts. Since the disclosure, the threat actors behind the operation have used a Python-based variant in their attacks. This article continues to discuss compromised Facebook business accounts being used to run phony ads aimed at tricking victims into downloading NodeStealer malware.

THN reports "NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads"

Submitted by grigby1

Submitted by Gregory Rigby on