Thursday, March 28, 2024

CopperStealer Malware Attacks Facebook and Instagram Business Accounts

The cybersecurity researchers at Proofpoint have recently issued all the details regarding a new undocumented malware, which is dubbed as “CopperStealer.”

According to the report, the threat actors are spreading this undocumented malware via fake software that continuously destroying the sites and targeting the users of major assistance providers like Google, Instagram, Facebook, Amazon, Apple. 

This undocumented malware, CopperStealer works like the previously identified malware SilentFade, which is a China-backed malware.

The cybersecurity experts concluded that along with Facebook and Instagram business accounts, it was also targeting the other major service providers that include Apple, Amazon, Google, PayPal, Tumblr, and Twitter, just after investigating a sample.

Distribution Methods

After a proper investigation, the cybersecurity analyst of Proofpoint has perceived suspicious websites that are displayed as “KeyGen” or “Crack” sites.

The websites also include “keygenninja[.]com, piratewares[.]com, startcrack[.]com, and crackheap[.]net,” which is continuously hosting samples that have remitted various malware issues, which also includes the CopperStealer as well.

CopperStealer

These sites promote themselves to endeavor “cracks”, “keygen” and “serials” to bypass the licensing limitations of legitimate software.

Moreover, the security researchers have also recognized these sites eventually contribute Potentially Unwanted Programs/Applications (PUP/PUA) or manage other malicious executables competent for installing and downloading additional payloads.

Data Retrieval of Facebook and Instagram

This new malware has the ability to find and send saved browser passwords, and the following Internet browsers are examined by the researchers particularly for Facebook saved credentials:-

  • Edge
  • Yandex
  • Chrome
  • Opera
  • Firefox

Moreover, when the User Access Token is assembled, the malware demands several API endpoints for Facebook and Instagram so that it can gather more context.

CopperStealer

These contexts include a list of friends, any commercial accounts configured for the user, and a full list of pages the user has been conferred access to. 

Major Version Updates

The analysts have affirmed that they have observed more than 80 different versions in the year and half CopperStealer has been grouped and scattered in the wild.

The release of new versions improved in frequency commencing in August 2020 and already stimulated between October 2020 and February 2021, along with various updates that are eventually being released every month.

Dangerous despite lack of sophistication

CopperStealers operates by harvesting passwords that are saved in the Google Chrome, Yandex, Edge, Firefox, and Opera web browsers, as we told.

Not only this but the malware has dropped utilizing CopperStealer’s downloader module which also involves the modular Smokeloader backdoor, and it also accommodates a wide collection of other malicious payloads that are being downloaded from different “URLs.”

Apart from this, the experts believe that CopperStealer isn’t the most treacherous credential/account stealer in survival, just like others it also has the basic capabilities, and its overall impact can be huge.

However, CopperStealer recovers a download configuration from the very common server that is the c2 server, it helps to extract an archive named “xldl.dat,” it generally resembles to be one of the legitimate download manager named Xunlei from Xunlei Networking Technologies Ltd. 

The Copperstealer goes after huge co-operation provider logins that are similar to social media and search engine accounts, as it helps the threat actors or the operators of it to advertise additional malware or other attacks.

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles