InfoStealer Malware Attacking Meta Business Page To Steal Logins
Essential information
- Published: 04/11/2024 10:12
- Modified: 04/11/2024 11:32
- Tags: 2024-11-04, credential-theft, electron, infostealer, malvertising, meta, persistence, powershell, social media, sys01
- Related entities: 26 observables, 16 techniques (MITRE), 1 malware
Description
A sophisticated malvertising campaign is distributing the SYS01 infostealer malware through Meta's advertising platform. The attackers impersonate trusted brands and popular software, targeting primarily senior male demographics. The malware, designed to steal personal data and credentials, is distributed via thousands of malicious advertisements potentially reaching millions of users. The attack infrastructure uses multiple domains as fake download platforms, employing evolving distribution mechanisms to avoid detection. The malware's infection chain involves Electron-based applications, obfuscated JavaScript, and PowerShell scripts, with persistence established through Windows Task Scheduler. It communicates with C2 servers using HTTP calls and leverages Telegram bots and Google pages for dynamic C2 domain retrieval.
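The description notes that SYS01 persists through the Windows Task Scheduler and runs PowerShell. The following is an added detection example, not code from the report or from the intelligence platform: it triages Windows Security Event ID 4698 ("a scheduled task was created") records by parsing the task XML and flagging tasks whose action launches a script interpreter with commonly abused options. The two sample events, the task names, the user name and the base64 string are constructed placeholders, not observables from this campaign.

```python
"""Triage Windows Security 4698 (scheduled task created) records for
script-interpreter persistence. Sample events below are constructed."""
import re
import xml.etree.ElementTree as ET

# Constructed sample: two 4698 records reduced to the fields a SIEM forwards.
SAMPLE_EVENTS = [
    {   # benign built-in maintenance task
        "TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
        "SubjectUserName": "SYSTEM",
        "TaskContent": """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec><Command>%windir%\\system32\\defrag.exe</Command><Arguments>-c -h -o -$</Arguments></Exec>
  </Actions></Task>""",
    },
    {   # constructed: vendor-looking name, interpreter launched from a temp directory
        "TaskName": r"\ChromeUpdateTaskMachine",
        "SubjectUserName": "jdoe",
        "TaskContent": """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>powershell.exe</Command>
      <Arguments>-nop -w hidden -ep bypass -enc BASE64PLACEHOLDER</Arguments>
      <WorkingDirectory>C:\\Users\\jdoe\\AppData\\Local\\Temp</WorkingDirectory></Exec>
  </Actions></Task>""",
    },
]

# Interpreters worth a closer look when scheduled (matched on the basename).
INTERPRETERS = re.compile(r"(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32)(\.exe)?", re.I)

# Launch options and locations frequently paired with scripted persistence.
SUSPICIOUS_ARGS = [
    (re.compile(r"(?<![\w-])-(e|ec|enc|encodedcommand)\b", re.I), "encoded command"),
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(ep|executionpolicy)\s+bypass", re.I), "execution policy bypass"),
    (re.compile(r"-nop\b|-noprofile", re.I), "no profile"),
    (re.compile(r"appdata|\\temp\\|programdata|\\public\\", re.I), "user-writable path"),
]


def _action_fields(task_xml: str) -> dict:
    """Pull Command/Arguments/WorkingDirectory out of the task XML, ignoring namespaces."""
    fields = {"Command": "", "Arguments": "", "WorkingDirectory": ""}
    for el in ET.fromstring(task_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]
        if name in fields and el.text:
            fields[name] = el.text.strip()
    return fields


def analyze_task(task_xml: str) -> dict:
    """Return the parsed action plus the list of reasons it looks like scripted persistence."""
    fields = _action_fields(task_xml)
    basename = fields["Command"].replace("\\", "/").rsplit("/", 1)[-1]
    is_interpreter = INTERPRETERS.fullmatch(basename) is not None
    haystack = f'{fields["Arguments"]} {fields["WorkingDirectory"]}'
    reasons = [label for rx, label in SUSPICIOUS_ARGS if rx.search(haystack)]
    # An interpreter alone is common in legitimate tasks; require two corroborating signals.
    return {**fields, "interpreter": is_interpreter, "reasons": reasons,
            "suspicious": is_interpreter and len(reasons) >= 2}


def triage_events(events) -> list:
    """Run analyze_task over 4698 records and return only the flagged ones."""
    findings = []
    for ev in events:
        result = analyze_task(ev["TaskContent"])
        if result["suspicious"]:
            findings.append({"task": ev["TaskName"], "user": ev["SubjectUserName"],
                             "command": result["Command"], "reasons": result["reasons"]})
    return findings


if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        print(f'{f["task"]} by {f["user"]}: {f["command"]} ({", ".join(f["reasons"])})')
```

The threshold of two corroborating signals keeps routine administrative tasks that call PowerShell without hidden windows or encoded payloads out of the queue; in a real deployment the `TaskContent` field comes from the 4698 event's EventData and the same parser applies unchanged.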