Python NodeStealer Targets Facebook Ads Manager with New Techniques
ID: 30ae2aa4-36fd-500c-8539-ce059c4b8380
STIX ID: report--30ae2aa4-36fd-500c-8539-ce059c4b8380
Feed Name: Netskope Threat Labs
Netskope Threat Labs analyzed multiple Python NodeStealer variants active in 2023–2024 that steal browser credentials, cookies, saved payment (credit card) data, and Facebook Ads Manager information. The variants leverage techniques such as using Windows Restart Manager to unlock browser SQLite databases, registry run-key persistence, large junk-code padding, and dynamically generated batch files. Stolen data is packaged and exfiltrated via Telegram, and associated IOCs are published on GitHub.
