Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors.
"The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file," Morphisec said in a report shared with The Hacker News.
"The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information."
The attack chain, per Morphisec, commences when a victim is successfully lured into clicking on a URL from a fake Facebook profile or advertisement to download a ZIP archive that purports to be cracked software or adult-themed content.
Opening the ZIP file launches a loader – typically a legitimate C# application – that's vulnerable to DLL side-loading, thereby making it possible to load a malicious dynamic link library (DLL) file alongside the app.
SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms
thehackernews.com
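
The archive layout described above, a legitimate executable shipped in the same folder as a DLL it will load, can be checked for before a downloaded ZIP is ever extracted. The following triage sketch is an added example, not code from Morphisec or the article; the function names, the sample archive and the short list of system DLL names are assumptions made for illustration.

```python
import io
import zipfile
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: short illustrative sample of DLL names that normally live in
# System32; a real deployment would use a full inventory from a clean host.
SYSTEM_DLL_NAMES = {"version.dll", "winmm.dll", "dwmapi.dll", "winhttp.dll"}


def sideload_layouts(zip_bytes):
    """Return findings for every archive folder holding an EXE next to DLLs.

    Each finding is (folder, exe_names, dll_names, shadowed_system_dlls).
    """
    by_folder = defaultdict(lambda: {"exe": set(), "dll": set()})
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.lower())
            ext = path.suffix.lstrip(".")
            if ext in ("exe", "dll"):
                by_folder[str(path.parent)][ext].add(path.name)
    findings = []
    for folder, files in sorted(by_folder.items()):
        # The application directory is searched early when a DLL is loaded,
        # so a DLL beside an EXE can be picked up in place of the real one.
        if files["exe"] and files["dll"]:
            shadowed = sorted(files["dll"] & SYSTEM_DLL_NAMES)
            findings.append((folder, sorted(files["exe"]), sorted(files["dll"]), shadowed))
    return findings


def build_sample_zip():
    """Constructed sample archive (placeholder contents, hypothetical names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("game/setup.exe", b"placeholder")
        archive.writestr("game/version.dll", b"placeholder")
        archive.writestr("game/readme.txt", b"placeholder")
        archive.writestr("docs/helper.dll", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in sideload_layouts(build_sample_zip()):
        print(finding)
```

A folder that pairs an executable with a DLL named after a Windows system library is the stronger signal; an EXE with ordinary companion DLLs is common in legitimate software and only warrants a signature check on each file.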