Around January-end, Proofpoint researchers spotted and blocked a cookie and password stealer. Named CopperStealer, this malware is believed to be in the same class as that of SilentFade, Scranos, StressPaint, and FacebookRobot. 

What’s going on?

This malware is now targeting Instagram and Facebook business accounts to steal passwords stored in Edge, Chrome, Opera, Firefox, and Yandex. The unauthorized access was then used by the operators to place malicious adverts on the platforms and profit from them. Other CopperStealer samples have been found to be targeting popular platforms, such as Google, Tumblr, PayPal, Apple, Amazon, Twitter, and Bing. 

Some stats your way

  • In the first quarter of this year, the malware compromised up to 5,000 hosts per day.
  • In the first 24 hours of sinkholing activity, 69,992 HTTP requests were logged from 5,046 unique IP addresses in 159 addresses. This represented 4,655 unique infections and the top five countries were India, Brazil, Pakistan, Indonesia, and the Philippines. 

Other threats to social media

CopperStealer is not the only threat looming over social media. Here are others.
  • Instagram witnessed a 50% rise in frauds since the pandemic started. The scams that top the chart include romance, phishing, and influencer sponsors. 
  • COVID-19 vaccine scams aiming to steal user credentials witnessed a surge of 530% with Microsoft being the most imitated brand. However, Facebook, LinkedIn, Yahoo, Outlook, Google accounts, and Outlook are not left behind.

The bottom line

CopperStealer usually targets social media and search engine accounts to advertise malware and make profits from them. The attacks point to the desperation of attackers to leverage social media for maximum monetary gain. Folks, keep your credentials safe.

Cyware Publisher