Experts from Palo Alto Networks Unit 42 have uncovered a new tricky scheme called NodeStealer 2.0, which is targeting Facebook business accounts. The way this works is that the scam tempts people with things that sound useful for businesses, like templates for spreadsheets. But in reality, these scammers are taking full control of the accounts. This is a worrying trend because these bad guys have been more and more interested in Facebook business accounts since around July 2022.
In May 2023, a company called Meta shared a report about NodeStealer, a type of sneaky software that steals important information. It was first made in July 2022 and has been causing problems since then. The report talked about how NodeStealer does bad things, which were noticed in January 2023. In December 2022, a new version of NodeStealer showed up in a campaign. This time, it came with two different types that were made using a computer language called Python. These new versions could do more harmful things, like stealing digital money, downloading stuff from the internet, and completely taking control of Facebook business accounts.
The way this new NodeStealer 2.0 scam works is like this: they send fake messages that look like business ads. These messages trick people into clicking on links that seem to come from places where we store files online. But these links secretly make a ZIP file appear on the computer. Inside this file is a sneaky program that steals important information.
Vicky Ray, Director at Unit 42 Cyber Consulting & Threat Intelligence, Asia Pacific & Japan at Palo Alto Networks, emphasized the widespread use of Facebook. “Until 2022, Facebook remains the most popular social networking site, with over 3 million users, comprising 76.4% of the country’s population,” noted Ray. This means many people in Singapore are at risk from NodeStealer. This tricky software can cause problems for individuals and organizations. Apart from creating trouble for Facebook business accounts, it can also steal passwords from web browsers. These stolen passwords can be used to do more bad things. So, it’s really important for all groups to check their safety rules and follow the hints in the report to tackle this problem.
If you have a Facebook business account, it’s smart to use a strong and hard-to-guess password. Also, think about turning on something called “multifactor authentication” for extra security. And it’s a good idea to teach your team about these tricky online tricks, especially the ones that look like they’re about things happening right now or things your business needs. Stay safe online!