CopperStealer malware, an undetected malware payload, has been quietly taking over Facebook, Google, Amazon, and other accounts for years…
CopperStealer malware, malicious code that has gone undocumented until now, has been on the loose since at least 2019. Security researchers have only recently managed to identify the threat actor, which has the dubious distinction of hijacking online accounts for nefarious activities. The hijacked accounts include those at the largest digital providers, like Facebook, Apple, Amazon, and Google, as well as other internet giants.
New Account-Stealing CopperStealer Malware Threatens Google, Apple, Facebook Users
The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer. It contains a downloader feature that enables its operators to deliver additional malicious payloads to infected devices. Hackers behind the scheme use compromised accounts to run malicious ads, along with delivering additional malware in subsequent malvertising campaigns.
CopperStealer begins its criminal campaigns by harvesting passwords saved in the most popular web browsers, including Google Chrome, Microsoft Edge, Mozilla Firefox, Yandex, and Opera. It can also retrieve victims’ Facebook User Access Tokens using stolen cookies to collect additional context, including their list of friends, advertising account information, and a list of Facebook pages they can access.
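For defenders, the browser harvesting described above leaves a recognisable trace: one non-browser process opening the password and cookie stores of several browsers. The following detection sketch is an added example, not code from Proofpoint or the original article; the event schema, process names and sample events are constructed, and the store locations are the default Windows profile paths.

```python
import ntpath

# (profile path marker, owning executable, credential/cookie store file names)
# Default Windows profile locations for the browsers the article names.
BROWSER_STORES = [
    (r"\google\chrome\user data", "chrome.exe", {"login data", "cookies"}),
    (r"\microsoft\edge\user data", "msedge.exe", {"login data", "cookies"}),
    (r"\yandex\yandexbrowser\user data", "browser.exe", {"login data", "cookies"}),
    (r"\opera software\opera stable", "opera.exe", {"login data", "cookies"}),
    (r"\mozilla\firefox\profiles", "firefox.exe",
     {"logins.json", "key4.db", "cookies.sqlite"}),
]

# Constructed file-access telemetry (hypothetical schema: pid, image, target).
SAMPLE_EVENTS = [
    {"pid": 812, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\a\AppData\Local\Temp\sample_installer.exe",
     "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\a\AppData\Local\Temp\sample_installer.exe",
     "target": r"C:\Users\a\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies"},
    {"pid": 4120, "image": r"C:\Users\a\AppData\Local\Temp\sample_installer.exe",
     "target": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"},
    {"pid": 2200, "image": r"C:\Tools\backup_agent.exe",
     "target": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\key4.db"},
]

def classify(event):
    """Return the owning browser if another process touched its store, else None."""
    target = event["target"].lower()
    image = ntpath.basename(event["image"]).lower()
    name = ntpath.basename(target)
    for marker, owner, files in BROWSER_STORES:
        if marker + "\\" in target and name in files and image != owner:
            return owner
    return None

def flag_store_access(events, min_browsers=2):
    """Report processes that read the stores of at least min_browsers browsers."""
    hits = {}
    for ev in events:
        owner = classify(ev)
        if owner:
            hits.setdefault((ev["pid"], ev["image"]), set()).add(owner)
    return {proc: sorted(b) for proc, b in hits.items() if len(b) >= min_browsers}

if __name__ == "__main__":
    for proc, browsers in flag_store_access(SAMPLE_EVENTS).items():
        print(proc, "->", browsers)
```

Matching the owner by executable name alone is a simplification; a production rule should also verify the image path or code signature, since a process can simply be named `chrome.exe`.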
The hackers’ end goals include impersonation attacks, as well as identity theft fraud. So, consumers are urged to enable two-factor authentication wherever possible.