Alert! Malware posing as popular office tools can hack Facebook business accounts, steal private data

In May, Facebook reported a new information-stealing malware called ‘NodeStealer’ that allowed cybercriminals to steal browser cookies to hijack accounts on Meta, as well as Gmail and Outlook accounts. Now another new malware is doing the rounds, targeting business accounts on the platform.
According to a report by Palo Alto Networks’ Unit 42, researchers have discovered a new malware that can take over Facebook business accounts. The malware disguises itself as office tools such as spreadsheet templates and is delivered through phishing campaigns. Its targets can go beyond Facebook and its platforms. Reportedly, once installed on a victim’s computer, this malware doesn’t just steal Facebook business account details such as follower count, user verification status, and paid status, but can also steal cryptocurrency and use Telegram to access private and crucial data.

The phishing campaign was seen delivering two kinds of malware in December 2022. Through multiple fake Facebook pages and users, the cybercriminals posted information persuading users to download a file through links to some popular cloud storage providers. These links downloaded a .zip file that contained the malicious info-stealer .exe files. While the first variant shows obvious signs of abnormal activity, like closing pop-up windows, the second variant is harder to detect.

Both variants use the Meta Graph API to steal data by connecting to the victim’s account and accessing information about followers, verification status, and account prepaid status. The second variant is more severe, as it is also capable of replacing the user’s email address with the attacker’s, locking the user out of the account permanently.

To safeguard themselves, businesses should take steps such as keeping antivirus software up to date, enabling two-factor authentication for Facebook business accounts, and being careful about clicking on links in emails or social media messages.
