

Ethical Hacking News

New Malware Campaigns Exploit Facebook, Steal Credit Card Data, and Lure Users into Compromising Their Security



A new wave of phishing campaigns has emerged that not only exploits Facebook but also lures users into compromising their security by utilizing the ClickFix technique. These campaigns target Facebook business accounts, potentially leading to financial losses for individuals and businesses, while also stealing credit card data stored in web browsers. The use of Telegram as a vector for data exfiltration further solidifies this threat. Users must be vigilant when interacting with links or attachments from unknown sources and take necessary precautions to protect themselves from these emerging threats.

  • Phishing emails targeting Facebook business accounts have emerged, exploiting users' trust with the "ClickFix" technique.
  • The malware used in these campaigns can gather personal data, disable Windows Defender, and grant remote access to infected hosts.
  • Facebook Ads Manager accounts are also targeted, potentially allowing malicious actors to collect budget details and facilitate malvertising campaigns.
  • The NodeStealer malware family is linked to this campaign, suspected to have originated in Vietnam, with techniques to evade detection, including Windows Restart Manager.
  • Telegram is used as a vector for data exfiltration, despite recent policy changes.



    In a recent revelation that has left cybersecurity experts and enthusiasts alike on high alert, a new campaign of phishing emails has emerged that not only exploits the trust placed in Facebook but also lures users into compromising their security by utilizing a technique known as ClickFix. This technique involves using fake CAPTCHA verification pages to trick victims into downloading malware under the guise of addressing a purported error or completing a reCAPTCHA verification.

    According to reports from various cybersecurity firms, including Bitdefender and Cofense, this new campaign targets Facebook business accounts, potentially leading to financial losses for individuals and businesses. The malware used in these campaigns is capable of gathering personal data, disabling Windows Defender, enumerating the Windows Security Account Manager (SAM) for accounts and groups, stealing browser cookies, and providing remote access to infected hosts.

    One of the most notable aspects of this campaign is its use of a technique called ClickFix, which has become increasingly popular among threat actors in recent months. This technique involves using fake CAPTCHA verification pages to trick users into downloading malware under the guise of addressing a purported error or completing a reCAPTCHA verification. The use of ClickFix allows threat actors to sidestep security controls and infect users without their knowledge.

    In addition to exploiting Facebook business accounts, this new campaign also targets Facebook Ads Manager accounts, which are used to manage ad campaigns across Facebook and Instagram. The malware used in these campaigns is capable of collecting budget details from these accounts, which could potentially be used to facilitate malicious activities such as malvertising campaigns that further propagate the malware under the guise of popular software or games.

    Furthermore, this campaign has also been linked to a malware family known as NodeStealer, which is suspected to have originated in Vietnam. The NodeStealer malware has been found to use various techniques to evade detection, including using Windows Restart Manager to unlock browser database files and adding junk code to its scripts. This allows the malware to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers.

    The use of Telegram as a vector for data exfiltration is another notable aspect of this campaign. Despite recent changes to its policy, Telegram remains a crucial platform for cybercriminals looking to spread malware and steal sensitive data.
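
    One way to hunt for two of the behaviours described above, Windows Defender being disabled and data leaving via Telegram, shown as an added example that is not part of the original article. It correlates Microsoft Defender disable events (IDs 5001, 5010, 5012) with Sysmon DNS query events (ID 22) for api.telegram.org made by processes outside an allow-list. The flattened JSON field names, the allow-list, the 30-minute window and the sample events are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

DEFENDER_OFF_IDS = {5001, 5010, 5012}  # Defender: real-time protection / scanning disabled
TELEGRAM_API = "api.telegram.org"      # Telegram Bot API host
# Assumed allow-list of processes expected to talk to Telegram in this environment.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe"}
WINDOW = timedelta(minutes=30)         # assumed correlation window

# Constructed sample events, one JSON object per line (assumed flattened export format).
SAMPLE = r"""
{"ts":"2024-11-20T09:00:05","host":"WS-01","log":"defender","id":5001}
{"ts":"2024-11-20T09:03:40","host":"WS-01","log":"sysmon","id":22,"image":"C:\\Users\\a\\AppData\\Local\\Temp\\node.exe","query":"api.telegram.org"}
{"ts":"2024-11-20T09:10:00","host":"WS-02","log":"sysmon","id":22,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","query":"api.telegram.org"}
{"ts":"2024-11-20T11:00:00","host":"WS-03","log":"sysmon","id":22,"image":"C:\\Users\\b\\Downloads\\setup.exe","query":"API.Telegram.org."}
"""

def parse(text):
    """Parse JSON lines and return events sorted by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def detect(events):
    """Return (host, process, severity) for unexpected Telegram API lookups."""
    defender_off = {}  # host -> time of most recent Defender-disable event
    findings = []
    for e in events:
        if e["log"] == "defender" and e["id"] in DEFENDER_OFF_IDS:
            defender_off[e["host"]] = e["ts"]
        elif e["log"] == "sysmon" and e["id"] == 22:
            query = e["query"].lower().rstrip(".")  # normalise case and trailing dot
            proc = basename(e["image"]).lower()
            if query != TELEGRAM_API or proc in EXPECTED_CLIENTS:
                continue
            last_off = defender_off.get(e["host"])
            # Escalate when Defender was disabled on the same host shortly before.
            correlated = last_off is not None and e["ts"] - last_off <= WINDOW
            findings.append((e["host"], proc, "high" if correlated else "medium"))
    return findings

if __name__ == "__main__":
    for finding in detect(parse(SAMPLE)):
        print(finding)
```

    Matching on the process name alone is easy to evade by renaming a binary, so in practice the allow-list would be keyed on signed path or hash.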

    The emergence of this new campaign highlights the ongoing threat posed by phishing emails and the need for users to be vigilant when interacting with links or attachments from unknown sources. It also underscores the importance of keeping software up to date and using strong security measures to protect against malware infections.

    In conclusion, this new campaign of phishing emails that exploits Facebook, steals credit card data, and lures users into compromising their security is a serious threat that requires immediate attention. Cybersecurity experts and enthusiasts alike must be on high alert and take necessary precautions to protect themselves from this emerging threat.



    Related Information:

  • https://thehackernews.com/2024/11/nodestealer-malware-targets-facebook-ad.html

  • https://cofense.com/blog/how-much-does-your-information-cost/

  • https://cofense.com/blog/custom-i2p-rat-i2parcae”-delivered-via-pornographic-customer-support-form-spam

  • https://socradar.io/apt-profile-cozy-bear-apt29/

  • https://attack.mitre.org/groups/G0016/


  • Published: Thu Nov 21 01:13:46 2024 by llama3.2 3B Q4_K_M













         

