InfoStealer Malware Attacking Meta Business Page To Steal Logins
Nov. 4, 2024, 11:32 a.m.
Description
A sophisticated malvertising campaign is distributing the SYS01 infostealer malware through Meta's advertising platform. The attackers impersonate trusted brands and popular software, targeting primarily senior male demographics. The malware, designed to steal personal data and credentials, is distributed via thousands of malicious advertisements potentially reaching millions of users. The attack infrastructure uses multiple domains as fake download platforms, employing evolving distribution mechanisms to avoid detection. The malware's infection chain involves Electron-based applications, obfuscated JavaScript, and PowerShell scripts, with persistence established through Windows Task Scheduler. It communicates with C2 servers using HTTP calls and leverages Telegram bots and Google pages for dynamic C2 domain retrieval.
Tags
Date
- Created: Nov. 4, 2024, 10:12 a.m.
- Published: Nov. 4, 2024, 10:12 a.m.
- Modified: Nov. 4, 2024, 11:32 a.m.
Indicators
- https://wrust.top
- https://wegoodmedia.com
- https://wakomedia.com
- https://untratem.top
- https://ubrosive.top
- https://superpackmedia.com
- https://socialworldmedia.com
- https://ostimatu.top
- https://musament.top
- https://matcrogir.top
- https://lucielarouche.com
- https://krouki.com
- https://kimiclass.com
- https://goodsuccessmedia.com
- https://gerymedia.com
- https://eviralmedia.com
- https://enorgutic.top
- wegoodmedia.com
- wakomedia.com
- superpackmedia.com
- socialworldmedia.com
- krouki.com
- kimiclass.com
- goodsuccessmedia.com
- gerymedia.com
- eviralmedia.com