Python-based NodeStealer version targets Facebook Ads Manager

Intel Name: Python-based NodeStealer version targets Facebook Ads Manager

Date of Scan: December 26, 2024

Impact: High

Summary:
The NodeStealer malware has evolved from JavaScript to Python, enhancing its ability to steal sensitive data. Our team uncovered this updated variant in a campaign, linked to a Vietnamese group, that targeted a Malaysian educational institution. The malware harvests browser data, credit card details, and Facebook Ads Manager accounts for financial information. The infection begins with a spear-phishing email that deploys the malware disguised as a legitimate app. It uses DLL sideloading and encoded PowerShell commands to evade detection, and it exfiltrates data via Telegram.
