Cybersecurity researchers have identified an ongoing malvertising campaign that abuses Meta’s advertising platform to distribute the SYS01stealer malware. The stealer harvests login credentials, browsing history, and cookies, with a particular focus on Facebook business and advertising accounts, which the attackers then hijack.
The operation relies on nearly 100 malicious domains for both payload distribution and live command-and-control, letting the threat actors steer the attack in real time, and it impersonates trusted brands to widen its reach. Each hijacked account is reused to run further malicious ads, so the attackers never need to register new accounts of their own.
The primary distribution method is malvertising on platforms such as Facebook, YouTube, and LinkedIn, with ads offering Windows themes, games, and other software. Most ads are aimed at men aged 45 and above. Clicking one redirects the victim to a deceptive site that delivers a ZIP archive; the archive contains a benign executable which, when launched, sideloads a malicious DLL placed beside it.
The infection chain then runs PowerShell commands to evade detection and tamper with security settings. The malware also checks for sandbox environments, which hinders automated analysis, and it is updated regularly to slip past new defensive measures, so detections built against one sample tend to age quickly.
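The archive layout described above, an executable next to the DLL it will load, is something a triage pipeline can look for before anything is executed. The following Python script is an added example, not code from the cited report or from the campaign: it inspects a ZIP in memory, identifies PE files by their `MZ` header rather than by extension, and flags any folder that holds an executable together with one or more DLLs. The archive contents and filenames are constructed placeholders, not real campaign artefacts.

```python
"""Triage helper for ZIP lures that pair an executable with a DLL.

Added illustration, not code from the campaign or from the cited report.
Flags directories inside an archive where a PE executable sits beside one or
more PE DLLs, the layout that DLL sideloading relies on. A hit is a reason to
look closer, not proof of malice: many legitimate portable apps ship this way.
"""
import io
import zipfile
from posixpath import dirname, splitext
from typing import Dict, List

PE_MAGIC = b"MZ"  # first two bytes of every Windows PE file


def is_pe(zf: zipfile.ZipFile, info: zipfile.ZipInfo) -> bool:
    """Check the member's own header instead of trusting its extension."""
    if info.is_dir() or info.file_size < 2:
        return False
    with zf.open(info) as fh:
        return fh.read(2) == PE_MAGIC


def find_sideload_pairs(archive: bytes) -> List[Dict[str, object]]:
    """Return one finding per directory that holds a PE .exe plus PE .dll(s).

    Only the first two bytes of each member are read, so large archives are
    cheap to scan and nothing is extracted to disk.
    """
    by_dir: Dict[str, Dict[str, List[str]]] = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not is_pe(zf, info):
                continue
            ext = splitext(info.filename)[1].lower()
            if ext not in (".exe", ".dll"):
                continue
            bucket = by_dir.setdefault(dirname(info.filename), {"exe": [], "dll": []})
            bucket[ext[1:]].append(info.filename)

    findings: List[Dict[str, object]] = []
    for folder, files in sorted(by_dir.items()):
        if files["exe"] and files["dll"]:
            findings.append(
                {"dir": folder, "exe": sorted(files["exe"]), "dll": sorted(files["dll"])}
            )
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (placeholder names, not campaign artefacts).

    ThemePack/ mimics the lure layout: an .exe beside a .dll.
    Standalone/ holds an .exe with no DLL and must not be flagged.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ThemePack/ThemeViewer.exe", PE_MAGIC + b"\x00" * 62)
        zf.writestr("ThemePack/render.dll", PE_MAGIC + b"\x00" * 62)
        zf.writestr("ThemePack/readme.txt", b"Double-click ThemeViewer.exe to install.")
        zf.writestr("Standalone/tool.exe", PE_MAGIC + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_sideload_pairs(build_sample_zip()):
        print(f"[sideload candidate] {hit['dir']}: {hit['exe']} loads from {hit['dll']}")
```

A flagged pair is the starting point for the manual checks this script does not attempt: whether the executable carries a valid code signature from a well-known vendor (a common trait of the benign loader in sideloading chains) and whether the DLL name shadows a library that executable would normally load from the system directory.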
Separately, Perception Point reported phishing campaigns that abuse the Eventbrite platform to steal financial information: the emails appear to come from the legitimate event service and prompt recipients to pay a bill or confirm a package delivery.
Threat hunters also note a sharp rise in cryptocurrency fraud in which scammers impersonate reputable organizations and lure individuals with fake job offers. Victims are pushed to pay in more money in the hope of unlocking earnings they were promised but never receive, a pattern characteristic of pig butchering scams.
Citation: Lakshmanan, R. Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware. The Hacker News. https://thehackernews.com/2024/10/malvertising-campaign-hijacks-facebook.html