
InfoStealer Malware Attacking Meta Business Page To Steal Logins

Published 04/11/2024 10:12 · Modified 04/11/2024 11:32


Essential information

Tags
2024-11-04, credential-theft, electron, infostealer, malvertising, meta, persistence, powershell, social media, sys01
Related entities
26 observables, 16 techniques (mitre), 1 malware

Description

A sophisticated campaign is distributing the SYS01 infostealer through Meta's advertising platform. The attackers impersonate trusted brands and popular software, primarily targeting senior male demographics. The malware, designed to steal personal data and credentials, is distributed via thousands of malicious advertisements that potentially reach millions of users. The attack infrastructure uses multiple domains as fake download platforms and changes its distribution mechanisms over time to avoid detection. The infection chain involves Electron-based applications, obfuscated JavaScript, and PowerShell scripts, with persistence established through Windows Task Scheduler. The malware communicates with its C2 servers over HTTP and uses Telegram bots and Google pages to retrieve C2 domains dynamically.

External references