Meta Tackles Malware Posing as ChatGPT in Persistent Campaigns

Facebook’s parent company Meta recently stopped an ongoing malware campaign targeting multiple companies on the internet.

Malware families detected and disrupted by the tech giant included Ducktail and the newly identified NodeStealer. They targeted people through malicious browser extensions, ads, and social media platforms with the aim of running unauthorized advertisements from compromised business accounts.

“In its latest iteration, the Ducktail operator automatically grants business admin permissions to ad-related action requests sent by attackers in response to 24-hour detections that terminate stolen sessions. We will block them,” Meta wrote in a report published Wednesday.

“But continuous detection and mitigation can protect businesses from these latest adaptations.”

As for NodeStealer, Duc H. Nguyena and Ryan Victory said researchers at Meta discovered the malware in January. Targeting internet browsers on Windows, it stole cookies and stored usernames and passwords, and it reportedly went on to compromise Facebook, Gmail, and Outlook accounts.

“NodeStealer is custom-written in JavaScript and comes bundled with a Node.js environment. We assessed that the malware originated in Vietnam and was distributed by a Vietnamese threat actor.”

In a new report, security researchers also highlight the emergence of new malware disguised as ChatGPT and other similar tools.

“In March 2023 alone, we discovered about 10 malware families using ChatGPT and other similar themes to compromise accounts across the internet,” write Nguyena and Victory.

“In one case, we observed an attacker making a malicious browser extension available on official web stores that claimed to provide a ChatGPT-based tool. It promotes certain extensions on social media and sponsored search results to trick people into downloading malware.”

However, according to the malware experts, Meta’s multi-pronged approach to dealing with malware threats has proven successful in recent efforts such as detecting and disrupting campaigns involving ChatGPT spoofing.

The latest Meta report comes a few weeks after Group-IB published an advisory explaining a Facebook impersonation scheme that relies on over 3000 fake profiles.
