NodeStealer: New Information-stealing Threat Terminated by Facebook


A new information-stealing malware, named NodeStealer, has been discovered by Facebook. It can steal browser cookies to hijack accounts on the platform, as well as Outlook and Gmail accounts. Furthermore, it allows its operator to bypass 2FA.

About the campaign

Facebook’s engineers spotted the NodeStealer malware first in late January and linked the attacks to Vietnamese threat actors.

  • Cybercriminals aim to hijack the Facebook account’s ability to run advertising campaigns and push misinformation or lead audiences to sites spreading malware.
  • The malware can steal cookies, along with account credentials stored in popular web browsers, including Google Chrome, Bave, Edge, and Opera.
  • NodeStealer spreads as a Windows executable file (46–51 MB in size), impersonating a PDF or Excel document with an appropriate name to raise curiosity among the users.

Read more…