Connect with us

Hi, what are you looking for?

HEADLINES

Palo Alto Networks Unit 42 researchers unveil new phishing campaign named NodeStealer 2.0

The campaign entices victims with free business tools, like spreadsheet templates, to completely take over the accounts. This strategy indicates a concerning trend among threat actors, who have been increasingly targeting Facebook business accounts which emerged around July 2022.

Palo Alto Networks Unit 42 researchers unveiled a new phishing campaign named NodeStealer 2.0, aimed at Facebook business accounts. The campaign entices victims with free business tools, like spreadsheet templates, to completely take over the accounts. This strategy indicates a concerning trend among threat actors, who have been increasingly targeting Facebook business accounts which emerged around July 2022.

In May 2023, Meta released a report on NodeStealer, a new information-stealing malware initially compiled in July 2022. The report highlighted malicious activities involving NodeStealer that were identified in January 2023. In December 2022, a campaign featuring a new version of Nodestealer emerged. This new campaign involved two Python-written variants with enhanced capabilities, including cryptocurrency theft, downloading abilities, and a complete takeover of Facebook business accounts.

NodeStealer 2.0 Phishing Campaign 

The main infection vector was a phishing campaign focusing on advertising materials for businesses, allowing threat actors to steal browser cookies to hijack accounts on the platform, specifically aiming toward business accounts. The threat actor used multiple Facebook pages and users to post information, luring victims to download links from known cloud file storage providers. After clicking on it, a ZIP file was downloaded to the machine containing the malicious info stealer executable. 

Advertisement. Scroll to continue reading.

“In early 2023, Meta reported it has reached 80.30 million Facebook users in the Philippines, equivalent to 69.0 percent of the total population at the start of the year. This extensive presence potentially exposes the country to considerable risks from NodeStealer, which greatly threatens individuals and organizations. Besides the direct impact on Facebook business accounts, which is mainly financial, the malware also steals credentials from browsers, which can be used for further attacks. We encourage all organisations to review their protection policies and use the indicators of compromise (IoCs) provided in this report to address this threat.” said Vicky Ray, Director at Unit 42 Cyber Consulting & Threat Intelligence, Asia Pacific & Japan at Palo Alto Networks.

Facebook business account owners are encouraged to use strong, complex, hard-to-guess passwords and enable multifactor authentication. Take the time to educate your organization on phishing tactics, especially modern, targeted approaches that address current events, business needs, and other appealing topics. 

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

MOBILE PRODUCTS

Creative has been revolutionizing audio gears since 1981 – from computer sound cards to digital music players, as well as a more improved home...

HEADLINES

To date, over 30,000 small businesses and cooperatives across the country have been trained on technology-based solutions through the PLDT Group’s capacity-building programs, helping...

HEADLINES

Smart has received reports about unscrupulous individuals pretending to be company executives or representatives of organizations asking for donations for made-up or nonexistent relief...

HEADLINES

The event is hosted by the Philippines for the first time, reflecting the UN agency’s recognition of the significant progress that the country has...

HEADLINES

Before the holiday madness kicks in, it's time to whip your wallet into shape. Let Maya help you save stress-free so you can splurge...

HEADLINES

House Bill No. 10699, also known as the "Sana All May Internet Act", seeks to establish a policy that "reduces to zero" the spectrum...

HEADLINES

The round was co-led by a16z SPEEDRUN and Peak XV’s Surge – with participation from Taiwan’s AppWorks, Antler, Hustle Fund, Founders Launchpad, Orvel Ventures,...

ELECTRONICS

The kW Manager feature allows users to set and monitor their air conditioner’s electricity usage directly through the LG ThinQ app. With this tool,...

Advertisement