Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages

Category	Details
Threat Actors	Cybercriminals behind the SYS01 InfoStealer malvertising campaign.
Campaign Overview	A growing malvertising campaign using Meta’s advertising platform to distribute SYS01 InfoStealer malware, impersonating popular brands to target users across multiple platforms.
Target Regions (Victims)	Global reach, particularly targeting North America, EU, Australia, and Asia. Victims mainly males aged 45+ years.
Methodology	– Malicious ads impersonating trusted brands. – Uses ElectronJs to deliver malware. – Malicious domains for distribution and C2 operations. – Ads distributed via platforms like MediaFire.
Product Targeted	Popular software tools (CapCut, Office 365), video streaming services (Netflix), VPNs, and video games.
Malware Reference	SYS01 InfoStealer
Tools Used	ElectronJs, PowerShell scripts, 7zip (for extraction), IonCube Loader (for encoding PHP scripts), Task Scheduler for persistence.
Vulnerabilities Exploited	Malicious ad placements, fake software downloads, social engineering through impersonated brands.
TTPs	– Use of decoy apps (disguised malware). – Dynamic evasion and obfuscation of malicious payloads. – PowerShell scripts for execution and persistence. – Malware communicated via C2 domains.
Attribution	The campaign is attributed to cybercriminals using Meta’s ad platform for malvertising, though exact identity is not provided.
Recommendations	– Users should avoid downloading software from untrusted ads. – Implement endpoint protection and malware detection tools. – Educate users on identifying fake ads.
Source	Bitdefender

Read full article : https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages

Disclaimer: The above summary has been generated by an AI language model