"Python Versions of Stealer Malware Discovered Targeting Facebook Business Accounts"
Researchers have discovered a previously unknown phishing campaign that targets Facebook business accounts and distributes two variants of a Python-written infostealer. Palo Alto Networks Unit 42 reported finding Python variants of the NodeStealer malware while exploring the trend of threat actors targeting Facebook business accounts with phishing lures involving business tools such as spreadsheet templates. Meta described NodeStealer in May, noting that the JavaScript-written malware allowed threat actors to steal browser cookies and hijack accounts. The Python versions of the malware are an improvement over the original by adding cryptocurrency theft capabilities, downloader capabilities, and the ability to take over Facebook business accounts. In addition to the direct impact on Facebook business accounts, which is primarily financial, the malware also steals browser credentials that can be used for future attacks. According to Unit 42 researchers, the campaign ran until December 2022 and is no longer active. However, the researchers believe that the threat actors behind the attacks will continue to develop NodeStealer or use similar techniques to continue targeting Facebook business accounts. This article continues to discuss the Python versions of the NodeStealer malware targeting Facebook business accounts.