Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
ID: 2601fc5e-b790-5af9-999e-56cc700a0bbf
STIX ID: report--2601fc5e-b790-5af9-999e-56cc700a0bbf
Feed Name: Bitdefender Labs
Bitdefender Labs describes an active, global malvertising campaign (SYS01) that uses Meta ads to distribute an ElectronJS-packaged infostealer. The attackers impersonate popular brands and software, host downloads on file-sharing sites, leverage nearly a hundred malicious domains and dynamic C2s (including Telegram-based discovery), employ sandbox-evasion and obfuscation, persist via scheduled tasks, and monetize by hijacking Facebook Business accounts to scale ad distribution and sell stolen credentials. The report includes sample IOCs and actionable protections such as using official sources, enabling 2FA, and employing updated security solutions.
