New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets

Cybersecurity researchers have unearthed a Python variant of the stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.
Meta first exposed NodeStealer in May 2023, describing it as a stealer capable of harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts.
"Besides the direct impact on Facebook business accounts, which is mainly financial, the malware also steals credentials from browsers, which can be used for further attacks."
The ZIP file embeds within it the stealer executable that, besides capturing Facebook business account information, is designed to download additional malware such as BitRAT and XWorm in the form of ZIP files, disable Microsoft Defender Antivirus, and carry out crypto theft by using MetaMask credentials from Google Chrome, Cốc Cốc, and Brave web browsers.
Unit 42 said it further spotted an upgraded Python variant of NodeStealer that goes beyond credential and crypto theft by implementing anti-analysis features, parsing emails from Microsoft Outlook, and even attempting to take over the associated Facebook account.
NodeStealer also joins malware such as Ducktail as part of a growing trend of Vietnamese threat actors looking to break into Facebook business accounts for advertising fraud and propagating malware to other users on the social media platform.
News URL
https://thehackernews.com/2023/08/new-nodestealer-targeting-facebook.html