Aspect | Details |
---|---|
Threat Actors | Vietnamese threat actors; additional unattributed actors leveraging phishing campaigns. |
Campaign Overview | Updated NodeStealer malware targets Facebook Ads Manager and web browsers for sensitive data like credit card details. |
Target Regions/Victims | Facebook Business and Ads Manager accounts, primarily for malvertising purposes; contractors and vendors via phishing schemes. |
Methodology | Data exfiltration using Telegram, evasion tactics like ClickFix, phishing campaigns, and leveraging Facebook Graph API for token generation. |
Product Targeted | Facebook Ads Manager, Facebook Business accounts, credit card details stored in browsers. |
Malware Reference | NodeStealer (Python variant), I2Parcae RAT, PythonRatLoader, AsyncRAT, DCRat, Venom RAT. |
Tools Used | Windows Restart Manager for unlocking browser databases; phishing tools like ClickFix and reCAPTCHA Phish toolkit. |
Vulnerabilities Exploited | Cookie storage in browsers, SQL database file locks, and human error through phishing and malvertising. |
TTPs | Browser database unlocking, CAPTCHA-based phishing (ClickFix), malvertising, stealing cookies and tokens, exfiltrating data via Telegram. |
Attribution | Vietnamese hackers for NodeStealer; Russian espionage actors for ClickFix technique use. |
Recommendations | Strengthen phishing defenses, educate users on malvertising risks, secure sensitive data storage, and monitor access to Facebook accounts. |
Source | The Hacker News. |
Read full article: https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html
Disclaimer: The above summary has been generated by an AI language model