Advisory ID: NCC-CSIRT-090523-022
Summary: Malware analysis engineers from Meta discovered a new malware called NodeStealer that targets saved usernames and passwords in browsers, with the aim of compromising businesses' Gmail, Outlook and Facebook accounts.
Vulnerable Platform(s): Browsers
Threat Type: Malware
Impact/Probability: CRITICAL/HIGH
Product: Gmail, Outlook and Facebook Applications
Version: All versions
Description: According to the analysts, hackers are distributing the NodeStealer malware through Windows executables that look like PDF files and have filenames related to marketing, social media planning, and monthly budgets. The malware is executed using the Node.js open source JavaScript runtime environment, typically used to develop web applications. After execution, the malware steals the stored credentials and cookie session data from various browsers (Chrome, Opera, Edge and Brave) on victim computers: it locates the files in which each browser stores cookies and credentials for various sites by their known file paths, reads them, and decrypts the data.
Consequences: The malware specifically steals user credentials for Facebook, Gmail, and Outlook accounts.
Solution:
- To avoid NodeStealer Malware, you should practice safe computing habits, such as avoiding suspicious emails and downloads, keeping antivirus software up to date, and regularly backing up important data.
- If you suspect that your system has been infected with NodeStealer, disconnect from the internet and seek the assistance of a reputable cybersecurity professional or use a trusted anti-malware application to remove the threat automatically.
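As an added illustration for this advisory (example code written here, not from Meta's analysis or any vendor), the following Python snippet shows how the behaviours described above could be flagged in endpoint telemetry: a document-lookalike executable name, a Node.js runtime started from the user profile, and a non-browser process reading a Chromium credential or cookie store. The event field names, the sample events and the node.exe-from-profile heuristic are assumptions; the browser store file names are the well-known Chromium ones.

```python
"""Detection logic for the NodeStealer behaviours described in the advisory.

Constructed example: the events below imitate endpoint process-creation and
file-access telemetry (assumed fields: image, target). Only the Chromium
store file names are real; all paths and events are sample data, not indicators.
"""
import re
from pathlib import PureWindowsPath

# Well-known Chromium credential/cookie store files (Chrome, Edge, Brave, Opera share them).
CREDENTIAL_STORES = {"login data", "cookies", "web data"}
# Chromium-based browser executables that legitimately read those stores.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}
# Executable disguised as a document, e.g. "monthly_budget.pdf.exe".
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?)\.(exe|scr|com)$", re.IGNORECASE)


def check_event(event):
    """Return a list of findings for one telemetry event (empty if benign)."""
    findings = []
    image_path = event.get("image", "")
    image = PureWindowsPath(image_path).name.lower()
    if DOUBLE_EXT.search(image):
        findings.append("document-lookalike executable")
    # Assumed heuristic: node.exe launched from the user profile is unusual on a
    # non-developer workstation and matches the Node.js-based execution described.
    if image == "node.exe" and "\\appdata\\" in image_path.lower():
        findings.append("node.exe run from user profile")
    target = event.get("target")
    if target:
        store = PureWindowsPath(target).name
        if store.lower() in CREDENTIAL_STORES and image not in BROWSER_IMAGES:
            findings.append(f"non-browser process read {store}")
    return findings


def scan(events):
    """Flatten findings over a batch of events as (image, finding) pairs."""
    return [(e["image"], f) for e in events for f in check_event(e)]


# Constructed sample telemetry: one benign browser read, two suspicious events.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Users\ann\Downloads\monthly_budget.pdf.exe"},
    {"image": r"C:\Users\ann\AppData\Local\Temp\node.exe",
     "target": r"C:\Users\ann\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cookies"},
]

if __name__ == "__main__":
    for image, finding in scan(SAMPLE_EVENTS):
        print(f"{finding}: {image}")
```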
References:
https://www.bleepingcomputer.com/news/security/facebook-disrupts-new-nodestealer-information-stealing-malware/
https://www.securityweek.com/meta-swiftly-neutralizes-new-nodestealer-malware/
https://duo.com/decipher/nodestealer-malware-targets-gmail-outlook-facebook-credentials
https://www.cyclonis.com/remove-nodestealer-malware/
https://www.pcrisk.com/removal-guides/26669-nodestealer-malware
