Threat actors have turned to Facebook ads to unleash NodeStealer on unsuspecting victims, and they’re using scantily clad women to achieve this. 

Facebook is no stranger to finding its ad network compromised to spread malware, but what’s interesting about this latest campaign is that it primarily targets males. At the core of this attack is NodeStealer, a strain of malware which has been active for several months. However, NodeStealer has changed. At the start of its existence, it was designed in JavaScript, but it’s now being coded with the Python programming language. 

NodeStealer is part of a wider campaign, believed to have its origins in Vietnam, to steal sensitive data, and it’s more than worthy of your attention. 

How Does NodeStealer Target its Victims? 

Using marketing strategies almost as old as time, the threat actors behind NodeStealer have used the provocative lure of female flesh to entice their victims. Taking advantage of the massive reach of Facebook’s ad network, these threat actors have created adverts which contain revealing photos of young women. The objective of these adverts is to encourage people to click on them, a process which will download an archive of malicious files. 

One of these files is called Photo Album.exe but, far from containing any photos, it simply downloads a further executable file which unleashes NodeStealer. With NodeStealer running rampant on an infected system, it will begin harvesting login credentials and, in particular, it will attempt to take control of Facebook business accounts. With further business accounts compromised, NodeStealer can launch even more malicious ad campaigns and spread itself further. 

Stay Safe from the Threat of NodeStealer 

NodeStealer is a classic example of malware deceiving its victims to achieve its goal. And it’s not surprising to hear that the 18 to 65 male demographic has made up the majority of its victims. Regardless of the bait, however, NodeStealer provides us with a number of interesting lessons to learn. The most important takeaways should be:

For more ways to secure and optimize your business technology, contact your local IT professionals. 



As the popularity of AI apps soars, the latest being Google’s Bard, it’s becoming clearer that threat actors are taking advantage of this popularity.

The latest attack to be launched revolves around BundleBot, a new brand of malware which is as stealthy as it is dangerous. BundleBot is typically found lurking within Facebook ads that promise to take you to websites containing AI utilities and games. These websites, however, are malicious. Users report that these malicious websites are similar, in terms of design, to Bard, but their main objective is to encourage users to download malicious files, most typically hosted on an external storage site such as Dropbox.

As we become more and more interested in AI, it’s important that we remain on guard against threats such as BundleBot, so let’s take a more in-depth look at what it is.

The Lowdown on BundleBot

Once the malicious file – a RAR archive often named Google_AI.rar – is downloaded and executed, the BundleBot campaign begins. Within this archive is an executable file called GoogleAI.exe which, once activated, retrieves a ZIP file (ADSNEW-1.0.0.3.zip). This ZIP file contains a further application by the name of RiotClientServices.exe. This executable is used to fully launch, through the use of a .dll file, the BundleBot attack.

Thanks to junk code being built into BundleBot’s design, it is able to operate stealthily and away from the attention of anti-malware software. While it remains hidden, BundleBot utilizes a ‘command and control’ function to steal sensitive data and transmit it to a remote location. The perpetrators behind BundleBot currently remain a mystery, but it’s believed they are from Vietnam, due to similar Vietnamese-based attacks being launched through Facebook in recent months.

Staying Safe from BundleBot and Similar Threats

There is no definitive solution to a BundleBot infection at present, but there are plenty of ways you can protect your PCs from falling victim. Make sure that your organization enforces the following:

For more ways to secure and optimize your business technology, contact your local IT professionals.
