Cybersecurity firm, Kaspersky discovers a new credential-stealing campaign on Facebook

Kaspersky Uncovers Alarming New Credential-Stealing Campaign Targeting Facebook Users


0

The Global Research and Analysis Team at Kaspersky has uncovered a fresh wave of cyberattacks involving a sophisticated stealer malware aimed at harvesting Facebook login credentials and other sensitive account details.

Identified as StealC v2, this information-stealing malware is disseminated via Facebook messages and was initially detected by Kaspersky researchers in August.

Over 400 cases have been reported so far, affecting users in various nations such as Kenya, Angola, Ethiopia, Niger, Uganda, and Zambia.

In this scheme, Facebook users receive messages containing links that masquerade as alerts about their accounts being suspended.

When victims click these links, they are directed to counterfeit support pages that falsely claim their accounts have been locked due to suspicious activities.

RELATED: Airlines face penalties as NCAA enforces passenger rights

To regain access, users are encouraged to press an “Appeal” button, which triggers the download of a malicious script. This script installs StealC v2-a potent malware distributed through a Malware-as-a-Service platform-onto the victim’s device.

Once active, the malware extracts passwords, browser cookies, screenshots, and even cryptocurrency wallet information.

“Attackers frequently manipulate users’ anxiety about losing access to their accounts, creating a false sense of urgency that can cause hasty decisions. This behavior increases vulnerability to infections like StealC v2. It’s crucial for users to stay alert and confirm the legitimacy of any message before interacting with links,” explains Marc Rivero, lead security analyst at Kaspersky’s Global Research and Analysis Team.

First spotted in 2025, StealC v2 represents a significant upgrade over its predecessor, amplifying the threat to both personal and business users. The original StealC, which surfaced in 2023 on underground forums, quickly gained popularity among cybercriminals due to its user-friendly design and powerful features.

To defend against phishing attacks, Kaspersky advises both individuals and organizations to exercise caution when clicking on links, be wary of messages that create urgency or pressure, scrutinize emails requesting immediate actions like password changes or personal data submission, verify unsolicited communications even if they appear authentic, and never disclose two-factor authentication (2FA) codes.


Like it? Share with your friends!

0

What's Your Reaction?

confused confused
0
confused
Dislike Dislike
0
Dislike
hate hate
0
hate
fail fail
0
fail
fun fun
0
fun
geeky geeky
0
geeky
love love
0
love
lol lol
0
lol
omg omg
0
omg
win win
0
win
Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube and Vimeo Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format
laliga news nigeria : barca held to draw. boat dock private.