facebook malware
A new attack involving a previously unknown malware named ‘Album Stealer’ has been spotted by Zscaler, targeting Facebook users.
The attack employs adult images to trick Facebook users into downloading a malicious ZIP archive and essentially infect themselves with information-stealing malware.
The adversaries’ goal is to steal Facebook credentials and take over accounts, particularly Business accounts that have access to ad and marketing campaigns. The threat actors use that access to run malicious campaigns for their own benefit, directing the ad-generated revenue to their bank accounts.
The attack begins with the threat actors using fake Facebook profile pages containing adult images of women to lure users into clicking on them. Those profiles contain a link to an archive that supposedly contains an album of more pictures.
Clicking on that link delivers a ZIP archive from Microsoft OneDrive, to evade anti-virus warnings. The archive contains an executable file named Album.exe, a malicious DLL, and a dat file.
Album.exe is in reality a PDF viewer that side-loads the malicious DLL to initiate the malware loading process. The executable also executes a self-extracting archive that contains images of women to serve as a decoy.
Meanwhile, in the background, the malware adds new registry keys to establish persistence on the system and continues the infection chain by loading several additional executables downloaded in each step.
Finally, Album Stealer is loaded onto the system, collecting data from the compromised computer and sending it to the command and control server.
Mots-clés : cybersécurité, sécurité informatique, protection des données, menaces cybernétiques, veille cyber, analyse de vulnérabilités, sécurité des réseaux, cyberattaques, conformité RGPD, NIS2, DORA, PCIDSS, DEVSECOPS, eSANTE, intelligence artificielle, IA en cybersécurité, apprentissage automatique, deep learning, algorithmes de sécurité, détection des anomalies, systèmes intelligents, automatisation de la sécurité, IA pour la prévention des cyberattaques.
Bots et IA biaisées : une menace silencieuse pour la cybersécurité des entreprises Introduction Les…
Cloudflare en Panne : Causes Officielles, Impacts et Risques pour les Entreprises Le 5 décembre…
Introduction La cybersécurité est aujourd’hui une priorité mondiale. Récemment, la CISA (Cybersecurity and Infrastructure Security…
La transformation numérique face aux nouvelles menaces Le cloud computing s’impose aujourd’hui comme un…
Les attaques par déni de service distribué (DDoS) continuent d'évoluer en sophistication et en ampleur,…
Face à l'adoption croissante des technologies d'IA dans les PME, une nouvelle menace cybersécuritaire émerge…
This website uses cookies.