SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms
2023-03-07 13:58

Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors.

"The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file," Morphisec said in a report shared with The Hacker News.

"The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information."

The stealer is engineered to harvest Facebook cookies from Chromium-based web browsers, exfiltrate the victim's Facebook information to a remote server, and download and run arbitrary files.

The development comes as Bitdefender revealed a similar stealer campaign known as S1deload that's designed to hijack users' Facebook and YouTube accounts and leverage the compromised systems to mine cryptocurrency.

"When an application loads in memory and search order is not enforced, the application loads the malicious file instead of the legitimate one, allowing threat actors to hijack legitimate, trusted, and even signed applications to load and execute malicious payloads."
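The search-order behaviour described in the quote above can be hunted for in image-load telemetry. The following is an added example, not code from the original article or from the vendors it cites; the events, paths, process name and DLL baseline are constructed, and the field names assume Sysmon Event ID 7 (image loaded) records.

```python
import ntpath

# Constructed baseline: DLL names expected to resolve from the Windows system directories.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
SYSTEM_DLLS = {"version.dll", "winhttp.dll", "wtsapi32.dll"}

# Constructed image-load events; field names follow Sysmon Event ID 7.
EVENTS = [
    {"Image": r"C:\Program Files\ExampleApp\ExampleApp.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\album\ExampleApp.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\album\version.dll", "Signed": "false"},
    {"Image": r"C:\Users\alice\Downloads\album\ExampleApp.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\album\exampleapp_res.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleApp\ExampleApp.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\WinHTTP.dll", "Signed": "true"},
]


def norm(path):
    """Lower-case and normalise a Windows path so comparisons are case-insensitive."""
    return ntpath.normcase(ntpath.normpath(path))


def find_sideload_candidates(events, system_dlls=SYSTEM_DLLS):
    """Flag loads of a system-named DLL from a directory other than the system ones."""
    findings = []
    for ev in events:
        dll_dir, dll_name = ntpath.split(norm(ev["ImageLoaded"]))
        if dll_name not in system_dlls or dll_dir in SYSTEM_DIRS:
            continue  # not a system DLL name, or loaded from the expected place
        # The application's own directory is searched first when search order is not enforced.
        same_dir = dll_dir == ntpath.dirname(norm(ev["Image"]))
        unsigned = ev.get("Signed", "false").lower() != "true"
        findings.append({
            "process": ev["Image"],
            "dll": ev["ImageLoaded"],
            "same_dir_as_exe": same_dir,
            "unsigned": unsigned,
            # An unsigned copy next to the executable is the strongest signal.
            "severity": "high" if same_dir and unsigned else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_sideload_candidates(EVENTS):
        print(f["severity"], f["process"], "->", f["dll"])
```

A signed DLL that shadows a system name is still reported at medium severity, since some vendors legitimately ship their own copies and those need allow-listing rather than silence.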


News URL

https://thehackernews.com/2023/03/sys01stealer-new-threat-using-facebook.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 30 2 44 52 19 117