Facebook thwarts recently discovered NodeStealer malware designed for information theft

Facebook has found new malware on Meta, called NodeStealer, that steals browser cookies to hijack accounts on Facebook, Gmail, and Outlook. NodeStealer is written in JavaScript and uses Node.js, which allows it to run on Windows, macOS, and Linux. It is disguised as a PDF or Excel document, and its goal is to steal account credentials for Facebook, Gmail, and Outlook. Facebook identified the malware early and has disrupted the operation, helping affected users recover their accounts. The malware abuses the Facebook API to extract information about the breached account and targets the account’s ability to run advertising campaigns. For those interested in IOCs related to NodeStealer, DuckTail, and malware imitating ChatGPT, Facebook has shared its data in its public GitHub repository.