Security News > 2023 > May > Facebook disrupts new NodeStealer information-stealing malware
Facebook discovered a new information-stealing malware distributed on Meta called 'NodeStealer,' allowing threat actors to steal browser cookies to hijack accounts on the platform, as well as Gmail and Outlook accounts.
As Facebook's security team explains in a new blog post, it identified NodeStealer early in its distribution campaign, only two weeks after its initial deployment.
Facebook's engineers first spotted the NodeStealer malware in late January 2023, attributing the attacks to Vietnamese threat actors.
If NodeStealer finds cookies or credentials related to Facebook accounts, it enters the next phase, "Account reconnaissance," during which it abuses Facebook API to extract information about the breached account.
The key information the malware goes after is the Facebook account's ability to run advertising campaigns, which threat actors leverage for pushing misinformation or leading unsuspecting audiences to other malware distribution sites.
In today's report, Facebook also shared information on continuing DuckTail malware operations and malware and malicious extensions distributed as ChatGPT programs.