Cybersecurity researchers have unearthed a Python variant of the stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.
Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022. There is no evidence to suggest that the cyber offensive is currently active.
NodeStealer was first exposed by Meta in May 2023, which described it as a stealer capable of harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts. While the prior samples were written in JavaScript, the latest versions are coded in Python.
"NodeStealer poses great risk for both individuals and organizations," Unit 42 researcher Lior Rochberger said. "Besides the direct impact on Facebook business accounts, which is mainly financial, the malware also steals credentials from browsers, which can be used for further attacks."
The attacks start with bogus messages on Facebook that claim to offer free "professional" budget-tracking Microsoft Excel and Google Sheets templates, tricking victims into downloading a ZIP archive file hosted on Google Drive.