Security News > 2023 > September > NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.

First documented by Meta in May 2023, NodeStealer originated as a JavaScript malware capable of pilfering cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts.

Just earlier this week, Guardio Labs disclosed how fraudulent messages sent via Facebook Messenger from a botnet of fake and hijacked personal accounts are being leveraged to deliver ZIP or RAR archive files to deliver the stealer malware to unsuspecting recipients.

"Images of defective products were used as bait to convince owners or admins of Facebook business pages to download the malware payload," Michael explained.

"Compared to earlier variants, the new NodeStealer variant uses batch files to download and run Python scripts, and steal credentials and cookies from multiple browsers and for multiple websites," Michael said.

"This campaign might be a doorway to a more targeted attack later on since they have already gathered useful information. Attackers who have stolen Facebook cookies and credentials can use them to take over the account, make fraudulent transactions leveraging the legitimate business page."

News URL

https://thehackernews.com/2023/09/nodestealer-malware-now-targets.html