| Aspect | Details |
|---|---|
| Threat Actors | Vietnamese threat actors; additional unattributed actors leveraging phishing campaigns. |
| Campaign Overview | Updated NodeStealer malware targets Facebook Ads Manager and web browsers for sensitive data like credit card details. |
| Target Regions/Victims | Facebook Business and Ads Manager accounts, primarily for malvertising purposes; contractors and vendors via phishing schemes. |
| Methodology | Data exfiltration using Telegram, evasion tactics like ClickFix, phishing campaigns, and leveraging Facebook Graph API for token generation. |
| Product Targeted | Facebook Ads Manager, Facebook Business accounts, credit card details stored in browsers. |
| Malware Reference | NodeStealer (Python variant), I2Parcae RAT, PythonRatLoader, AsyncRAT, DCRat, Venom RAT. |
| Tools Used | Windows Restart Manager for unlocking browser databases; phishing tools like ClickFix and reCAPTCHA Phish toolkit. |
| Vulnerabilities Exploited | Cookie storage in browsers, SQL database file locks, and human error through phishing and malvertising. |
| TTPs | Browser database unlocking, CAPTCHA-based phishing (ClickFix), malvertising, stealing cookies and tokens, exfiltrating data via Telegram. |
| Attribution | Vietnamese hackers for NodeStealer; Russian espionage actors for ClickFix technique use. |
| Recommendations | Strengthen phishing defenses, educate users on malvertising risks, secure sensitive data storage, and monitor access to Facebook accounts. |
| Source | The Hacker News. |

Read full article: https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html

Disclaimer: The above summary has been generated by an AI language model.