- Aug 17, 2014
Cybersecurity researchers have unearthed a Python variant of the stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency.
Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022. There is no evidence to suggest that the cyber offensive is currently active.
"NodeStealer poses great risk for both individuals and organizations," Unit 42 researcher Lior Rochberger said. "Besides the direct impact on Facebook business accounts, which is mainly financial, the malware also steals credentials from browsers, which can be used for further attacks."
The attacks start with bogus messages on Facebook that purportedly claim to offer free "professional" budget tracking Microsoft Excel and Google Sheets templates, tricking victims into downloading a ZIP archive file hosted on Google Drive.