Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
ID: be0c86f2-c794-541c-b0c2-88a665f147a9
STIX ID: report--be0c86f2-c794-541c-b0c2-88a665f147a9
Feed Name: Bitdefender Labs
Bitdefender Labs reports an active, global malvertising campaign that uses Meta ads to distribute the SYS01 InfoStealer via malicious Electron applications and password-protected archives. The malware uses obfuscated JavaScript, PowerShell and IonCube-encoded PHP for persistence and C2 communications, and targets Facebook Business accounts to scale ad distribution. It employs sandbox detection and rapid code updates for evasion, and is linked to dozens of malicious hosting and C2 domains.
