Attack campaign uses PHP-based infostealer to target Facebook business accounts

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information-stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP.

“We have seen SYS01stealer attacking critical government infrastructure employees, manufacturing companies, and other industries,” researchers from security firm Morphisec said in a new report. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.”
