Social media is becoming a battleground where attractive images serve as a vehicle for NodeStealer distribution.
Security researchers at Bitdefender have discovered that cybercriminals are using Facebook ads to spread malware and hijack users social media accounts.
As part of a malicious ad campaign, hackers use legitimate tools to distribute online ads and insert infected links into typical ads. To attract users attention, the campaign uses erotic images of girls.
Researchers report that the goal of the campaign is to deliver a new version of the NodeStealer malware to victims devices. Some of the photos in the ads appear to have been edited or created using artificial intelligence.
In the detected campaign, cybercriminals used at least 10 compromised business accounts to manage ads that spread malware to ordinary Facebook users — mostly men aged 40 and older from Europe, Africa and the Caribbean.
Each click on the ad instantly downloads a malicious executable file to the victim's device. Researchers estimate that almost 100,000 users downloaded the malware in just 10 days. It is unclear which hacker group is behind this campaign. The first NodeStealer attacks were attributed to threats from Vietnam that targeted business accounts via Facebook Messenger.
NodeStealer is a relatively new ransomware program that, among other things, allows attackers to steal cookies from victims browser and hijack their Facebook accounts. A variant of NodeStealer, discovered in the latest campaign, has acquired new features that allow hackers to gain access to the Gmail and Outlook platforms, and download additional malicious payloads.
Once cybercriminals gain access to users browser cookies using NodeStealer's basic features, they can hijack Facebook accounts and gain access to sensitive information.
Hackers can then change passwords and activate additional security measures on accounts to completely block access to the rightful owner and get the opportunity to continue to commit fraud without being noticed.
Security researchers at Bitdefender have discovered that cybercriminals are using Facebook ads to spread malware and hijack users social media accounts.
As part of a malicious ad campaign, hackers use legitimate tools to distribute online ads and insert infected links into typical ads. To attract users attention, the campaign uses erotic images of girls.
Researchers report that the goal of the campaign is to deliver a new version of the NodeStealer malware to victims devices. Some of the photos in the ads appear to have been edited or created using artificial intelligence.
In the detected campaign, cybercriminals used at least 10 compromised business accounts to manage ads that spread malware to ordinary Facebook users — mostly men aged 40 and older from Europe, Africa and the Caribbean.
Each click on the ad instantly downloads a malicious executable file to the victim's device. Researchers estimate that almost 100,000 users downloaded the malware in just 10 days. It is unclear which hacker group is behind this campaign. The first NodeStealer attacks were attributed to threats from Vietnam that targeted business accounts via Facebook Messenger.
NodeStealer is a relatively new ransomware program that, among other things, allows attackers to steal cookies from victims browser and hijack their Facebook accounts. A variant of NodeStealer, discovered in the latest campaign, has acquired new features that allow hackers to gain access to the Gmail and Outlook platforms, and download additional malicious payloads.
Once cybercriminals gain access to users browser cookies using NodeStealer's basic features, they can hijack Facebook accounts and gain access to sensitive information.
Hackers can then change passwords and activate additional security measures on accounts to completely block access to the rightful owner and get the opportunity to continue to commit fraud without being noticed.
