NodeStealer 2.0 - The Python Version: Stealing Facebook Business Accounts

Palo Alto Networks Unit 42 researchers have unveiled a new phishing campaign named NodeStealer 2.0, aimed at Facebook business accounts. The campaign entices victims with free business tools, like spreadsheet templates, to completely take over the accounts. This strategy indicates a concerning trend among threat actors, who have been increasingly targeting Facebook business accounts which emerged around July 2022.

In May 2023, Meta released a report on NodeStealer, a new information-stealing malware initially compiled in July 2022. The report highlighted malicious activities involving NodeStealer that were identified in January 2023. In December 2022, a campaign featuring a new version of Nodestealer emerged. This new campaign involved two Python-written variants with enhanced capabilities, including cryptocurrency theft, downloading abilities, and a complete takeover of Facebook business accounts.