HOME
NEWS

New infostealer malware now able to take full control of Facebook business accounts: Palo Alto Networks Unit 42 Research


By VARINDIA - 2023-08-02
New infostealer malware now able to take full control of Facebook business accounts: Palo Alto Networks Unit 42 Research

In its latest blog, Palo Alto Networks’ Unit 42 discovered a previously unreported phishing campaign distributing an infostealer. It can take over Facebook business accounts through malicious links masquerading as office tools like spreadsheet templates. Unlike the version Meta reported in May 2023, this new variant (NodeStealer 2.0, written in Python) can steal cryptocurrency and use Telegram to exfiltrate data as well. This indicates a growing trend of threat actors targeting Facebook business accounts – for advertising fraud and financial gains.

 

The main infection vector was a phishing campaign in December 2022 and was used for delivering malware – Variant #1 and Variant #2. The threat actor used multiple Facebook pages and users to post information luring victims to download a link from known cloud file storage providers. After clicking, a .zip file was downloaded, containing the malicious infostealer .exe files. See below the Facebook phishing post luring victims to download the infected .zip file.

 

Variant #1’s process tree is “noisy” – it creates various processes that could be considered abnormal activity indicators, including shutting pop-up windows on the graphical user interface (GUI). But Variant #2 is more discrete making it tougher to identify malicious activity. 

 

Both variants can steal Facebook business account credentials by connecting to the Meta Graph API with the victim’s user ID and access token. The Graph API is the primary way to get data in and out of Facebook and can be used to programmatically query data, post, manage ads, etc. It is used to steal information about the target’s follower count, user verification status, whether the account is prepaid, etc. and send it to the command and control server (C2). They also attempt to steal the login credentials by checking the cookies and local databases of the most common browsers. 

 

Variant #2, goes one step further by replacing the legitimate user’s email address with a mailbox under the cyberattacker’s control, thereby locking them out of the account indefinitely.

 

“Online marketing and advertising is a core part of most businesses today. Through Variant #2 of NodeStealer 2.0, cyberattackers can change the linked email address and lock users out indefinitely. This could lead to large-scale financial and reputational damage due to the improper use of account credit or the publishing of inappropriate content. Facebook is a platform saturated with users of a slightly older demographic who may be less tech-savvy, making them easy targets”, said Anil Valluri, MD and VP, India and SAARC, Palo Alto Networks. 

 

“Protecting against NodeStealer and all its variants requires organizations to review their protection policies and take note of the indicators of compromise (IoCs) provided by Unit 42. Proactive measures to educate employees on modern phishing tactics that leverage current events, business needs and other appealing topics is essential.”

 

To know more about the other dangerous threats posed by the new version of NodeStealer, visit the blog here.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA