The Global Research and Analysis Team at Kaspersky has uncovered a fresh wave of cyberattacks involving a sophisticated stealer malware aimed at harvesting Facebook login credentials and other sensitive account details.
Identified as StealC v2, this information-stealing malware is disseminated via Facebook messages and was initially detected by Kaspersky researchers in August.
Over 400 cases have been reported so far, affecting users in various nations such as Kenya, Angola, Ethiopia, Niger, Uganda, and Zambia.
In this scheme, Facebook users receive messages containing links that masquerade as alerts about their accounts being suspended.
When victims click these links, they are directed to counterfeit support pages that falsely claim their accounts have been locked due to suspicious activities.
To regain access, users are encouraged to press an “Appeal” button, which triggers the download of a malicious script. This script installs StealC v2, a potent malware distributed through a Malware-as-a-Service platform, onto the victim’s device.
Once active, the malware extracts passwords, browser cookies, screenshots, and even cryptocurrency wallet information.
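The lure chain described above (an “account suspended” message, a link to a counterfeit support page, an “Appeal” button that drops a script) is the kind of pattern a mail or messaging gateway can triage before a user ever reaches the download. The following is an added defensive example, written for this article and not code from Kaspersky or from the StealC operators; the message texts, the `.example` hosts and the list of script-like file extensions are constructed assumptions, since the article names no URLs or file types.

```python
"""Triage helper for 'account suspended' phishing messages of the kind
described above. Constructed example; all sample data is made up."""
import re
from urllib.parse import urlsplit

# Domains the brand genuinely uses (assumption; extend per your own allow-list)
LEGIT_DOMAINS = ("facebook.com", "fb.com")
# Brand name to look for in hosts and paths that are NOT on the allow-list
BRAND_TOKEN = "facebook"
# Account-loss / urgency language typical of this lure
URGENCY_TERMS = ("suspended", "locked", "suspicious activity", "appeal",
                 "immediately", "within 24 hours")
# Extensions that mean the link delivers a script or installer rather than a page
# (assumption: the article does not say which script type the campaign drops)
SCRIPT_EXTS = (".js", ".vbs", ".ps1", ".bat", ".cmd", ".hta", ".exe", ".msi", ".scr")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def is_legit_host(host):
    """True only for the brand's own registrable domains or their subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def link_findings(url):
    """Return a list of reasons a single link looks like this lure (empty = clean)."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    if not is_legit_host(host):
        if BRAND_TOKEN in host:
            findings.append(f"lookalike host {host!r} impersonates the brand")
        if BRAND_TOKEN in path:
            findings.append(f"brand name in path of non-brand host {host!r}")
    if path.endswith(SCRIPT_EXTS):
        findings.append(f"link delivers a script/installer: {path.rsplit('/', 1)[-1]}")
    return findings


def triage_message(text):
    """Score one message: ('high'|'medium'|'low', [reasons])."""
    findings = []
    lowered = text.lower()
    urgency = [t for t in URGENCY_TERMS if t in lowered]
    if urgency:
        findings.append("urgency/account-loss language: " + ", ".join(urgency))
    link_hits = 0
    for url in URL_RE.findall(text):
        hits = link_findings(url)
        link_hits += len(hits)
        findings.extend(hits)
    # Urgency wording alone is common in legitimate notices; the lure is urgency
    # combined with a lookalike or script-dropping link.
    if link_hits and urgency:
        verdict = "high"
    elif link_hits or urgency:
        verdict = "medium"
    else:
        verdict = "low"
    return verdict, findings


# Constructed sample messages (not real campaign content)
SAMPLES = {
    "phish": ("Your Facebook account has been suspended due to suspicious activity. "
              "To appeal, click https://facebook-support-appeal.example/facebook/appeal.js "
              "within 24 hours."),
    "legit": ("We noticed a new login to your Facebook account. "
              "Review it at https://www.facebook.com/settings/security"),
    "unrelated": "Team lunch is at noon, see https://calendar.example/events/42",
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        verdict, reasons = triage_message(msg)
        print(f"{name}: {verdict}")
        for r in reasons:
            print("  -", r)
```

The allow-list check is deliberately strict (`facebook.com.evil.example` is not a subdomain of `facebook.com`), and a link finding without urgency wording, or urgency wording without a suspicious link, is only rated medium so that routine security notices from the real domain are not blocked.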
“Attackers frequently manipulate users’ anxiety about losing access to their accounts, creating a false sense of urgency that can cause hasty decisions. This behavior increases vulnerability to infections like StealC v2. It’s crucial for users to stay alert and confirm the legitimacy of any message before interacting with links,” explains Marc Rivero, lead security analyst at Kaspersky’s Global Research and Analysis Team.
First spotted in 2025, StealC v2 represents a significant upgrade over its predecessor, amplifying the threat to both personal and business users. The original StealC, which surfaced in 2023 on underground forums, quickly gained popularity among cybercriminals due to its user-friendly design and powerful features.
To defend against phishing attacks, Kaspersky advises both individuals and organizations to exercise caution when clicking on links, be wary of messages that create urgency or pressure, scrutinize emails requesting immediate actions like password changes or personal data submission, verify unsolicited communications even if they appear authentic, and never disclose two-factor authentication (2FA) codes.