Skip to content

NodeStealer is a type of malware that can be used to steal Facebook accounts. It’s relatively new and was first discovered by Meta’s security team in January 2023. NodeStealer is distributed through malicious ads, and once installed on a victim’s device, it can steal browser cookies and passwords, which can then be used to hijack Facebook accounts.

In a recent campaign, hackers used NodeStealer to hijack Facebook business accounts. They then used these accounts to run bogus ads that lured victims into downloading the malware. The ads used provocative photos of young women to trick victims into clicking on them. Once victims click on an ad, they download an archive containing a malicious .exe file. This file, when executed, would install NodeStealer on the victim’s device.

Once NodeStealer was installed on the victim’s device, the hackers could steal their Facebook login credentials and other personal information. They could then use this information to hijack the victim’s Facebook account.

How to Protect Yourself from NodeStealer

There are a few things you can do to protect yourself from NodeStealer:

  • Be careful about what ads you click on, especially if they seem too good to be true or use provocative images.
  • Keep your software updated, including your operating system, browser, and antivirus software.
  • Use a strong password manager to create and store unique passwords for all your online accounts.
  • Enable two-factor authentication on all your online accounts.

What to Do if You Think You Have Been Infected with NodeStealer

If you think you may have been infected with NodeStealer, you should take the following steps:

  1. Immediately change your Facebook password and enable two-factor authentication.
  2. Scan your device for malware using your antivirus software.
  3. If your antivirus software finds no malware, you should run a scan using a secondary antivirus program.
  4. If you find any malware, remove it immediately.
  5. Monitor your Facebook account for any suspicious activity. If you notice anything suspicious, you should contact Facebook support immediately.

At the Cyber and Fraud Centre, we regularly get reports of Facebook and Instagram accounts being compromised. Users should be aware that if their account has been compromised and the threat actors update the security details, then the chances of your account being recovered via the Meta account recovery process are extremely low. To date, we’ve heard of no accounts that have even been recovered via the platform’s support systems.

NodeStealer is a severe threat to Facebook users. It is important to be aware of this malware and take steps to protect yourself. 

Related Links: