CopperStealer, a previously undocumented password and cookie stealer, has been compromising accounts on services such as Facebook, Apple, Amazon and Google for the past couple of years, and those accounts have been used for cyber criminal activity.
Accounts of advertisers and users of the four web giants have been compromised since July 2019. The malware acts similarly to the previously discovered, China-backed malware family SilentFade.
CopperStealer is an actively developed password and cookie stealer with a downloader function, which is capable of delivering additional malware after performing the initial theft. It is similar not only to SilentFade but also to other malware such as StressPaint, FacebookRobot and Scranos. It is thought that cyber criminals use the compromised accounts to run deceptive ads on some of the social media websites. These ads point those who see them towards phishing pages.
Additional versions of CopperStealer seem to focus on other major service providers, including Apple, Amazon, Bing, Google, PayPal, Tumblr and Twitter.
CopperStealer has been offered on legitimate websites offering ways to evade licensing restrictions of legitimate software such as Microsoft 365. However, instead of receiving the software free of charge, users were downloading malicious executables capable of installing and downloading additional payloads. Researchers worked with some of the websites being taken advantage of by CopperStealer to intercept the malware and gain a better understanding of it. As a result, the ability of cyber criminals to collect victim data has been restricted, and it has been discovered that CopperStealer is not very sophisticated and has basic capabilities.
It also appears that CopperStealer is targeting users around the world, regardless of the industry they work in. Neuways advises employees to be careful when engaging with potential phishing emails. If your business has social media channels, it is worth using a Password Manager to help secure the account credentials for these pages. If CopperStealer were to gain access to your company’s Facebook page and start running spam adverts, your business would experience damage to its reputation among followers, which could include both customers and suppliers.