NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads


Compromised Facebook business accounts are being used to run bogus ads that employ “revealing photos of young women” as lures to trick victims into downloading an updated version of a malware called NodeStealer.

“Clicking on ads immediately downloads an archive containing a malicious .exe ‘Photo Album’ file which also drops a second executable written in .NET – this payload is in charge of stealing browser cookies and passwords,” Bitdefender said in a report published this week.

NodeStealer was first disclosed by Meta in May 2023 as a JavaScript malware designed to facilitate the takeover of Facebook accounts. Since then, the threat actors behind the operation have leveraged a Python-based variant in their attacks.