Python-Based NodeStealer Malware Targets Facebook Ads Manager
🐍 NodeStealer malware evolves into a sophisticated Python-based threat. Trend Micro’s Managed XDR team has identified an advanced variant of NodeStealer that now uses Python instead of JavaScript and targets sensitive data, including credit card information and Facebook Ads Manager accounts. The malware is delivered through spear-phishing emails containing malicious links, which lead to the installation of the malware disguised as legitimate applications. The infection process uses techniques such as DLL sideloading and encoded PowerShell commands to evade detection, and ultimately exfiltrates the stolen data via Telegram. The campaign, linked to a Vietnamese threat group, highlights the need for enhanced cybersecurity measures and user education to combat such evolving threats effectively.
