To evade spam filters, attackers craft unique messages containing links that, when clicked, deliver a concealed "classic stealer" payload wrapped in multiple layers of obfuscation. Once executed, this malware extracts login data and cookies from victims' browsers and transmits the stolen information to a Telegram channel, after which victims are locked out of their accounts.
This incident highlights security vulnerabilities in web browsers and social media services like Facebook. It also underscores the thriving Dark Web cybercriminal ecosystem, where hijacked accounts are traded.
Users are urged to exercise caution with messages from unfamiliar sources and implement additional security measures to counteract malicious messages. The cybersecurity community emphasizes the importance of vigilance and skepticism in safeguarding against such attacks. Employing strong passwords, enabling two-factor authentication, and staying informed about current threats are crucial for online security.