CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

New Threat Using Facebook Ads to Target Critical Infrastructure Firms

admin by admin
March 7, 2023
in Information Security


Mar 07, 2023Ravie LakshmananData Safety / Cyber Threat

Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors.

“The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file,” Morphisec said in a report shared with The Hacker News.

“The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.”

The Israeli cybersecurity company said the campaign was initially tied to a financially motivated cybercriminal operation dubbed Ducktail by Zscaler.

However, WithSecure, which first documented the Ducktail activity cluster in July 2022, said the two intrusion sets are different from one another, indicating how the threat actors managed to confuse attribution efforts and evade detection.

The attack chain, per Morphisec, commences when a victim is successfully lured into clicking on a URL from a fake Facebook profile or advertisement to download a ZIP archive that purports to be cracked software or adult-themed content.

Opening the ZIP file launches a based loader – typically a legitimate C# application – that’s vulnerable to DLL side-loading, thereby making it possible to load a malicious dynamic link library (DLL) file alongside the app.

Some of the applications abused to side-load the rogue DLL are Western Digital’s WDSyncService.exe and Garmin’s ElevatedInstaller.exe. In some instances, the side-loaded DLL acts as a means to deploy Python and Rust-based intermediate executables.

Irrespective of the approach employed, all roads lead to the delivery of an installer that drops and executes the PHP-based SYS01stealer malware.

The stealer is engineered to harvest Facebook cookies from Chromium-based web browsers (e.g., Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi), exfiltrate the victim’s Facebook information to a remote server, and download and run arbitrary files.

Discover the Latest Malware Evasion Tactics and Prevention Strategies

Ready to bust the 9 most dangerous myths about file-based attacks? Join our upcoming webinar and become a hero in the fight against patient zero infections and zero-day security events!

RESERVE YOUR SEAT

It’s also equipped to upload files from the infected host to the command-and-control (C2) server, run commands sent by the server, and update itself when a new version is available.

The development comes as Bitdefender revealed a similar stealer campaign known as S1deload that’s designed to hijack users’ Facebook and YouTube accounts and leverage the compromised systems to mine cryptocurrency.

“DLL side-loading is a highly effective technique for tricking Windows systems into loading malicious code,” Morphisec said.

“When an application loads in memory and search order is not enforced, the application loads the malicious file instead of the legitimate one, allowing threat actors to hijack legitimate, trusted, and even signed applications to load and execute malicious payloads.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

2022 H2 IRAP report is now available on AWS Artifact for Australian customers

Next Post

10 Women in Tech That Make It Happen

Related Posts

Information Security

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

by admin
March 29, 2023
Information Security

How to use Amazon GuardDuty and AWS WAF v2 to automatically block suspicious hosts

by admin
March 29, 2023
Information Security

Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

by admin
March 28, 2023
Information Security

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

by admin
March 27, 2023
Information Security

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

by admin
March 26, 2023
Next Post

10 Women in Tech That Make It Happen

Recommended

Innatelogicalfluency ~ Future of CIO

March 30, 2023

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

March 29, 2023

How to use Amazon GuardDuty and AWS WAF v2 to automatically block suspicious hosts

March 29, 2023

Influencing ~ Future of CIO

March 29, 2023

Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

March 28, 2023

Illogic ~ Future of CIO

March 28, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.