1. Forum
  2. tqwNet
  3. TQW GENTECH

  • This devious malware is targeting Facebook accounts to steal cred

    From TechnologyDaily@1337:1/100 to All on Thursday, November 21, 2024 23:15:07
    This devious malware is targeting Facebook accounts to steal credit card data

    Date:
    Thu, 21 Nov 2024 23:02:00 +0000

    Description:
    Python NodeStealer now targets more than Facebook Business accounts.

    FULL STORY ======================================================================Security
    researchers from Netskope found an upgraded version of Python NodeStealer This dangerous infostealer can also now target Facebook Ads Manager accounts It can steal credit card information, data stored in browsers, and more

    Python NodeStealer, an infamous infostealer that targeted Facebook Business accounts, has been upgraded with new and dangerous features to make it
    capable of targeting Facebook Ads Manager accounts as well, steal more data, and thus open the gateway to more destructive malware campaigns.

    Cybersecurity researchers Netskope Threat Labs have published a new, in-depth analysis of NodeStealer, noting it can now pilfer credit card information, in addition to stealing credentials stored in the browser .

    The process is done by copying the Web Data of all targeted browsers, they explained. Web Data is a SQLite database storing sensitive data such as autofill information and saved payment methods. Abusing Windows Restart Manager

    With these, the infostealer can now collect the victims credit card information which includes the cardholders name, card expiration date, and card number," the researchers noted.

    It uses Pythons SQLite3 library to run a query on the stolen database,
    looking for specific strings (credit card information).

    Furthermore, Python NodeStealer now uses Windows Restart Manager to unlock database files. This library cuts down on the number of reboots needed after software updates, by simply restarting the processes that lock updated files, but in this instance, it is being abused in data theft.

    First, the infostealer extracts the information by copying browser database files into a temp folder. But since the files are usually locked by another operation, they cannot be used, which is where Windows Restart Manager is used. Finally, the files are exfiltrated via a Telegram bot.

    Python NodeStealer is most likely being developed by a threat actor located
    in Vietnam. Their main goal is to compromise Facebook Business and now - Facebook Ads Manager accounts, which they can later abuse in malvertising campaigns.

    Facebook is usually rigorous when it comes to purchasing ads on its platform, and only vetted, verified accounts are allowed to do so. Crooks rarely make
    it past the platforms scanners, and resort to stealing verified accounts to run their campaigns, instead.

    Via The Hacker News You might also like Windows PCs targeted by new malware hitting a vulnerable driver Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-malware-is-targeting-faceb ook-accounts-to-steal-credit-card-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)