![Alert: Upgraded NodeStealer Now Targets Facebook Ad Budgets and Credit Cards](https://mlkmisyfyt7n.i.optimole.com/cb:QnOd.1c245/w:auto/h:auto/q:mauto/ig:avif/https://clickcontrol.com/wp-content/uploads/2024/12/article_30_1733416329.jpg)
Key Points:
– A new version of Python-based NodeStealer malware has emerged with expanded capabilities
– The malware now targets Facebook Ads Manager accounts and browser-stored credit card data
– Vietnamese threat actors are the suspected developers, and the malware avoids infecting systems in their home country
New Features:
1. Enhanced Data Collection:
– Extracts Facebook Ads Manager budget details
– Harvests credit card information from browsers
– Uses Windows Restart Manager to access locked database files
2. Technical Improvements:
– Includes junk code
– Uses batch scripts for dynamic Python execution
– Utilizes Telegram for data exfiltration
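A defender can combine the behaviours listed above into one correlation rule, since each is weak evidence on its own. The following is an added example, not code from the original article: it scores constructed endpoint events per process, and the event field names, the browser list and the Chromium file names `Web Data` and `Login Data` are assumptions.

```python
from collections import defaultdict

# Assumption: Chromium-family browsers and their SQLite stores
# ("Web Data" holds saved cards, "Login Data" holds saved logins).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
BROWSER_DBS = ("\\web data", "\\login data")
PROFILE = "C:\\Users\\a\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\"

# Constructed sample telemetry; the field names are hypothetical.
EVENTS = [
    {"pid": 4100, "image": "python.exe", "kind": "process",
     "parent": "cmd.exe", "cmdline": 'python.exe -c "<inline code>"'},
    {"pid": 4100, "image": "python.exe", "kind": "image_load",
     "target": "C:\\Windows\\System32\\RstrtMgr.dll"},
    {"pid": 4100, "image": "python.exe", "kind": "file_read",
     "target": PROFILE + "Web Data"},
    {"pid": 4100, "image": "python.exe", "kind": "dns",
     "target": "api.telegram.org"},
    {"pid": 2200, "image": "chrome.exe", "kind": "file_read",
     "target": PROFILE + "Web Data"},
    {"pid": 5300, "image": "alertbot.exe", "kind": "dns",
     "target": "api.telegram.org"},
]

def signals(ev):
    """Return the NodeStealer-style behaviours one event exhibits."""
    img, target = ev["image"].lower(), ev.get("target", "").lower()
    if img in BROWSERS:          # browsers legitimately touch their own stores
        return set()
    found = set()
    if ev["kind"] == "image_load" and target.endswith("rstrtmgr.dll"):
        found.add("restart_manager")        # Restart Manager DLL loaded
    if ev["kind"] == "file_read" and target.endswith(BROWSER_DBS):
        found.add("browser_db_read")        # non-browser reads card/login DB
    if ev["kind"] == "dns" and target == "api.telegram.org":
        found.add("telegram_api")           # Telegram Bot API lookup
    if (ev["kind"] == "process" and img.startswith("python")
            and ev.get("parent", "").lower() == "cmd.exe"
            and " -c " in ev.get("cmdline", "")):
        found.add("batch_inline_python")    # batch script runs inline Python
    return found

def score(events, threshold=2):
    """Flag processes showing at least `threshold` distinct behaviours."""
    per_pid = defaultdict(set)
    for ev in events:
        per_pid[ev["pid"]] |= signals(ev)
    return {p: sorted(s) for p, s in per_pid.items() if len(s) >= threshold}
```

With the default threshold only the Python process is flagged; the browser reading its own database and the single Telegram lookup from the hypothetical `alertbot.exe` stay below it.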
Associated Threats:
– Malvertising campaigns through compromised Facebook accounts
– Fake software advertisements, including impersonation of legitimate brands
– Recent campaign mimicking Bitwarden password manager
Additional Security Concerns:
– New phishing campaigns using ClickFix technique
– Distribution of various RATs (Remote Access Trojans)
– Increased targeting of business accounts and financial information
Impact:
– Potential financial losses for individuals and businesses
– Compromise of Facebook advertising accounts
– Risk of unauthorized access to sensitive financial data
This update represents a significant evolution in the malware's capabilities, particularly in its targeting of social media advertising platforms and financial information.