Express Computer
Home  »  News  »  New infostealer malware can hack Facebook business accounts: Palo Alto Networks Unit 42 Research

New infostealer malware can hack Facebook business accounts: Palo Alto Networks Unit 42 Research

0 88

In its latest blog, Palo Alto Networks’ Unit 42 discovered a previously unreported phishing campaign distributing an infostealer. It can take over Facebook business accounts through malicious links masquerading as office tools like spreadsheet templates. Unlike the version Meta reported in May 2023, this new variant (NodeStealer 2.0, written in Python) can steal cryptocurrency and use Telegram to exfiltrate data as well. This indicates a growing trend of threat actors targeting Facebook business accounts – for advertising fraud and financial gains.

The main infection vector was a phishing campaign in December 2022 and was used for delivering malware – Variant #1 and Variant #2. The threat actor used multiple Facebook pages and users to post information luring victims to download a link from known cloud file storage providers. After clicking, a .zip file was downloaded, containing the malicious infostealer .exe files. See below the Facebook phishing post luring victims to download the infected .zip file.

Variant #1’s process tree is “noisy” – it creates various processes that could be considered abnormal activity indicators, including shutting pop-up windows on the graphical user interface (GUI). But Variant #2 is more discrete making it tougher to identify malicious activity.

Both variants can steal Facebook business account credentials by connecting to the Meta Graph API with the victim’s user ID and access token. The Graph API is the primary way to get data in and out of Facebook and can be used to programmatically query data, post, manage ads, etc. It is used to steal information about the target’s follower count, user verification status, whether the account is prepaid, etc. and send it to the command and control server (C2). They also attempt to steal the login credentials by checking the cookies and local databases of the most common browsers.

Variant #2, goes one step further by replacing the legitimate user’s email address with a mailbox under the cyberattacker’s control, thereby locking them out of the account indefinitely.

“Online marketing and advertising is a core part of most businesses today. Through Variant #2 of NodeStealer 2.0, cyberattackers can change the linked email address and lock users out indefinitely. This could lead to large-scale financial and reputational damage due to the improper use of account credit or the publishing of inappropriate content. Facebook is a platform saturated with users of a slightly older demographic who may be less tech-savvy, making them easy targets”, said Anil Valluri, MD and VP, India and SAARC, Palo Alto Networks.

“Protecting against NodeStealer and all its variants requires organizations to review their protection policies and take note of the indicators of compromise (IoCs) provided by Unit 42. Proactive measures to educate employees on modern phishing tactics that leverage current events, business needs and other appealing topics is essential.”

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image