Cybersecurity firm, Kaspersky discovers a new credential-stealing campaign on Facebook

The Kaspersky Global Research and Analysis Team has discovered a new malicious campaign leveraging a stealer—a type of malware designed to steal passwords and other account information on Facebook.

The StealC v2 infostealer is being spread through Facebook messages and was first observed in August by the Kaspersky team.

More than 400 incidents have been identified to date, targeting users across multiple countries, including confirmed cases in Kenya, Angola, Ethiopia, Niger, Uganda, and Zambia.

As part of this attack, Facebook users receive messages containing a link disguised as a notification that their account has been blocked.

Clicking the link opens a fake support page claiming that the user’s account has been blocked due to suspicious activity.

READ ALSO: Sanctions for airlines as NCAA moves to enforce passenger rights

To “restore access,” users are prompted to use the “Appeal” button, which initiates the download of a malicious script that installs StealC v2, a dangerous malware offered under a Malware-as-a-Service model, on the victim’s device.

The malware itself steals passwords, cookies, and screenshots, as well as cryptocurrency wallet data.

“Cybercriminals often exploit users’ fear of losing account access and a perceived sense of urgency. This pressure can lead individuals to act without caution, increasing the risk of infection by malware such as StealC v2. Users should remain vigilant and always verify the authenticity of messages before clicking any links,” comments Marc Rivero, lead security researcher at Kaspersky’s Global Research and Analysis Team.

StealC v2, first observed in 2025, significantly enhances the malware’s capabilities and elevates the risk to both individual and corporate users. The original StealC, which emerged in 2023 on dark web platforms, quickly became a sought-after tool among cybercriminals thanks to its accessibility, capabilities, and ease of access.

To be protected from phishing, Kaspersky recommends corporate and individual users practice caution when clicking links, look out for urgency or threats, be cautious of emails demanding immediate action, such as changing a password or providing personal information, verify unsolicited messages, calls, or links, even if they appear legitimate, and never share 2FA codes.

The post Cybersecurity firm, Kaspersky discovers a new credential-stealing campaign on Facebook appeared first on Latest Nigeria News | Top Stories from Ripples Nigeria.