"SYS01 Stealer Targets Critical Government Infrastructure"

Researchers from Morphisec found a sophisticated information stealer, called SYS01 stealer, that has been used in attacks on employees of critical government infrastructure, manufacturing companies, and other sectors since November 2022. The campaign targets Facebook business accounts, using Google ads and fake Facebook profiles that promote games, adult content, cracked software, and more to trick victims into downloading a malicious file. The purpose of the attack is to steal sensitive information, including login credentials, cookies, and Facebook ad and business account details. To steal Facebook session cookies, the malware scans for popular browsers such as Google Chrome, Microsoft Edge, Brave Browser, and Firefox. For each browser it discovers, it extracts all stored cookies, including any Facebook session cookie. In addition, the malware collects information from the victim's Facebook account, including their name, email address, date of birth, and user ID, as well as two-factor authentication (2FA) codes, user agents, IP address, and geolocation. This article continues to discuss researchers' findings and observations regarding the new SYS01 stealer targeting critical government infrastructure and manufacturing firms.

Security Affairs reports "SYS01 Stealer Targets Critical Government Infrastructure"

Submitted by Anonymous on