It has been reported that Facebook business accounts are being subjected to attacks from a variant of the Python-based NodeStealer malware. By sending messages to accounts, the credentials of the users are being stolen and the accounts are then supposedly going to be used for other malicious activities.

Read more about it below.

NodeStealer Malware – Beware

NodeStealer had first originated as a JavaScript malware and was used to steal credentials and cookies from the victim’s web browser and as of December 2022, another attack revealed the Python version being used for the same purpose. Some of its other Python versions were also reported to have been used to conduct cryptocurrency thefts as well.

The victims of the current attack wave are mostly from Southern Europe and Northern America, and are basically accounts of people from manufacturing services or technology sectors. An image of a defective product is being shared along with the malware and once the users click on it, they’ll be directed to a website on their web browser. While the user is misled into the website and is distracted, the malware does its job in the background.

When the new variant of the NodeStealer malware is compared to its previous versions, unlike before, the new variant has batch files that are being used to download and run the Python scripts, and thereby, the credentials and cookies for multiple websites from different browsers are stolen.

It has also been reported that more targeted attacks might take place later and with all the already stolen credentials, the wrong-doers have everything with them to take over accounts and continue their misdeeds.

It is advised that if by chance such a doubtful file has been sent to you from known or unknown sources, always contact them and ensure that it is safe before you access it.

Via.

The post Don’t Open Any Files Received from Unknown Sources: NodeStealer Malware Attacks Continues appeared first on The Tech Outlook.