NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

| Aspect | Details |
| --- | --- |
| Threat Actors | Vietnamese threat actors; additional unattributed actors leveraging phishing campaigns. |
| Campaign Overview | Updated NodeStealer malware targets Facebook Ads Manager and web browsers for sensitive data like credit card details. |
| Target Regions/Victims | Facebook Business and Ads Manager accounts, primarily for malvertising purposes; contractors and vendors via phishing schemes. |
| Methodology | Data exfiltration using Telegram, evasion tactics like ClickFix, phishing campaigns, and leveraging Facebook Graph API for token generation. |
| Product Targeted | Facebook Ads Manager, Facebook Business accounts, credit card details stored in browsers. |
| Malware Reference | NodeStealer (Python variant), I2Parcae RAT, PythonRatLoader, AsyncRAT, DCRat, Venom RAT. |
| Tools Used | Windows Restart Manager for unlocking browser databases; phishing tools like ClickFix and reCAPTCHA Phish toolkit. |
| Vulnerabilities Exploited | Exploited cookie storage in browsers, SQL database file locks, and human error through phishing and malvertising. |
| TTPs | Browser database unlocking, CAPTCHA-based phishing (ClickFix), malvertising, stealing cookies and tokens, exfiltrating data via Telegram. |
| Attribution | Vietnamese hackers for NodeStealer; Russian espionage actors for ClickFix technique use. |
| Recommendations | Strengthen phishing defenses, educate users on malvertising risks, secure sensitive data storage, and monitor access to Facebook accounts. |
| Source | The Hacker News. |

Read full article: https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html

Disclaimer: The above summary has been generated by an AI language model
