FACEBOOK ACCOUNTS TARGETED BY NEW NODESTEALER
The stealer malware NodeStealer has a Python edition that can completely take over Facebook business accounts and steal cryptocurrency, according to cybersecurity specialists. The software, known as NodeStealer 2.0, can hijack company accounts on the social network by using malicious URLs that appear to be legitimate office resources such as spreadsheet templates. Meta had previously reported on an older variant in May of this year; the latest version, written in Python, is more powerful because it can also steal cryptocurrency and data from Telegram. The revelation is related to the rise in phishing attempts against Facebook accounts.
Background:
Two malware variants, known as Variant #1 and Variant #2, were discovered in December, marking the beginning of the main phishing campaign for NodeStealer. To trick victims into following a download link hosted on well-known cloud file storage services, the attackers used a number of Facebook pages and users to publish posts. When the link is clicked, a .zip file containing the malicious infostealer .exe files is downloaded. Both variants can access Facebook business account details by using the victim’s user ID and access token to connect to the Meta Graph API.
Working:
Using information-stealing software, the threat actor targets people and staff members who might have access to a Facebook Business account. The malware is designed to steal browser cookies and abuse authenticated Facebook sessions to access the victim’s Facebook account, steal information from it, and ultimately take control of any Facebook Business account to which the victim has sufficient access. The hijacking is accomplished by adding the threat actor’s email address to the Facebook Business account with the Admin and Finance editor roles. As a result, the threat actor essentially has unrestricted access to the account.
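Because the takeover ends with an outside email address holding the Admin and Finance editor roles, a periodic review of who holds those roles is a direct check for it. The Python below is an added example, not code from the original article or from Meta: the record layout (email, roles, added_at), the allowlists and the sample entries are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Roles the article says the threat actor grants to its own email address.
SENSITIVE_ROLES = {"admin", "finance editor"}

def audit_business_users(users, approved_emails, approved_domains, now, recent_days=30):
    """Flag unapproved people holding sensitive roles on a Business account.

    Each record is a dict with email, roles and added_at (ISO 8601); this
    layout is an assumption for the example, not a Meta export format.
    """
    cutoff = now - timedelta(days=recent_days)
    findings = []
    for user in users:
        email = user["email"].strip().lower()
        held = {r.strip().lower() for r in user["roles"]} & SENSITIVE_ROLES
        if not held:
            continue
        # Exact domain match only; suffix or substring matches are not accepted.
        domain = email.rpartition("@")[2]
        if email in approved_emails or domain in approved_domains:
            continue
        recent = datetime.fromisoformat(user["added_at"]) >= cutoff
        # Both roles together, or a recent grant, matches the hijack pattern.
        severity = "high" if held == SENSITIVE_ROLES or recent else "medium"
        findings.append({"email": email, "roles": sorted(held),
                         "recently_added": recent, "severity": severity})
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["email"]))

# Constructed sample data (not real accounts).
SAMPLE_USERS = [
    {"email": "alice@example.com", "roles": ["Admin"],
     "added_at": "2021-03-02T10:00:00+00:00"},
    {"email": "bob@example.com", "roles": ["Employee"],
     "added_at": "2022-06-11T08:30:00+00:00"},
    {"email": "Ops.Team@example.com.example.net", "roles": ["Admin", "Finance editor"],
     "added_at": "2023-08-01T09:15:00+00:00"},
    {"email": "agency@partner.example.org", "roles": ["Finance editor"],
     "added_at": "2022-01-20T12:00:00+00:00"},
]
SAMPLE_NOW = datetime(2023, 8, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_business_users(SAMPLE_USERS, set(), {"example.com"}, SAMPLE_NOW):
        print(finding)
```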
Prevention:
Vigilance and attentiveness are essential to avoid becoming a victim of this operation, as with all similar ones. LinkedIn users are frequently the focus of spear phishing attempts, so if you have admin access to company social media accounts, you should be cautious when dealing with individuals there. It goes without saying that you should use caution when working with attachments or URLs sent to you by people you don’t know.
Remediation:
- Use a reputable antivirus or anti-malware program
- Keep your operating system and software up to date
- Download files only from trusted sources
- Use strong passwords and change them regularly