Alert: Upgraded NodeStealer Now Targets Facebook Ad Budgets and Credit Cards

NodeStealer Malware Update: Enhanced Capabilities and New Threats

Key Points:
– A new version of Python-based NodeStealer malware has emerged with expanded capabilities
– The malware now targets Facebook Ads Manager accounts and browser-stored credit card data
– Vietnamese threat actors are the suspected developers, and the malware avoids infecting systems in their home country

New Features:
1. Enhanced Data Collection:
– Extracts Facebook Ads Manager budget details
– Harvests credit card information from browsers
– Uses Windows Restart Manager to access locked database files

2. Technical Improvements:
– Inserts junk code
– Uses batch scripts for dynamic Python execution
– Utilizes Telegram for data exfiltration

Associated Threats:
– Malvertising campaigns through compromised Facebook accounts
– Fake software advertisements, including impersonation of legitimate brands
– Recent campaign mimicking Bitwarden password manager

Additional Security Concerns:
– New phishing campaigns using ClickFix technique
– Distribution of various RATs (Remote Access Trojans)
– Increased targeting of business accounts and financial information

Impact:
– Potential financial losses for individuals and businesses
– Compromise of Facebook advertising accounts
– Risk of unauthorized access to sensitive financial data

This update represents a significant evolution in malware capabilities, particularly targeting social media advertising platforms and financial information.
