

Rewterz Threat Alert – SystemBC Malware – Active IOCs
January 30, 2024
Rewterz Threat Alert – Multiple Jenkins Plugins Vulnerabilities
January 30, 2024
Severity
High
Analysis Summary
Fabookie is a trojan specifically designed to target Facebook accounts and steal sensitive information. It operates by infecting computers and secretly harvesting valuable data without the user’s knowledge. One of the alarming aspects of infostealers like Fabookie is their ability to remain undetected for an extended period, so their presence is often discovered only when it is too late.
Once Fabookie infiltrates a computer system, it begins malicious activities by silently collecting sensitive details from the infected device. Its primary focus is stealing Facebook account information, including usernames, passwords, and other credentials associated with the social media platform. Cybercriminals can then use this stolen data for various illicit purposes, such as unauthorized access to Facebook accounts, identity theft, or even selling compromised accounts on underground markets.
The stealthy nature of infostealers like Fabookie makes it challenging for users to realize that their computer has been compromised. The trojan often operates discreetly in the background, evading detection by security software and remaining hidden from the user’s view. As a result, users may only become aware of the attack when they notice suspicious activity on their Facebook accounts or experience unauthorized access.
To protect against Fabookie and similar trojans, it is crucial to maintain a proactive and multi-layered approach to cybersecurity. This includes regularly updating antivirus software and operating systems, using strong and unique passwords for online accounts, enabling two-factor authentication for added security, and being cautious when interacting with unfamiliar links or downloading files from untrusted sources.
By remaining vigilant and implementing robust security measures, users can significantly reduce the chances of falling victim to Fabookie and protect their Facebook accounts and sensitive information from unauthorized access and misuse.
Impact
- Accounts Theft
- Sensitive Information Theft
- Credential Theft
Indicators of Compromise
Domain Name
- app.alie3ksgaa.com
- ji.alie3ksgdd.com
Remediation
- Block all threat indicators at your respective controls. Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Enable two-factor authentication (2FA) on your accounts. It adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
- Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
- Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
- Make sure all of your software, including your operating system and applications, is up-to-date with the latest security patches. This can help prevent vulnerabilities that could be exploited by info-stealers and other types of malware.
- Promptly apply security patches and updates for operating systems, software applications, and browsers. This helps to address vulnerabilities that threat actors may exploit to deliver malware.
- Utilize web filtering solutions and URL reputation services to block access to known malicious websites and prevent users from visiting potentially dangerous links, such as those used in Fabookie infostealer campaigns.
- Maintain regular backups of critical data, including Facebook Business account information, and ensure they are stored securely offline. This enables quick recovery in case of a successful attack or data loss.
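The first remediation item, searching your environment for the IOCs, can be run against DNS or proxy logs with a small matcher. The following is an added example, not Rewterz code: the log lines are constructed, the function names are hypothetical, and it covers only the two domains listed under Domain Name, plus their subdomains and defanged spellings.

```python
import re

# IOC domains exactly as listed in this alert.
IOC_DOMAINS = ("app.alie3ksgaa.com", "ji.alie3ksgdd.com")

# Hostname-shaped tokens; brackets are allowed so defanged "[.]" forms survive.
TOKEN_RE = re.compile(r"[A-Za-z0-9_.\[\]-]+")


def normalize(token):
    """Refang, lowercase, and drop a trailing root dot or stray brackets."""
    return token.replace("[.]", ".").strip("[].").lower()


def match_ioc(host):
    """Return the IOC that `host` equals or is a subdomain of, else None."""
    host = normalize(host)
    for ioc in IOC_DOMAINS:
        # Label-boundary match: a longer first label or an appended parent zone must not hit.
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def scan(lines):
    """Return (line_number, host, ioc) for every IOC sighting in the log lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for token in TOKEN_RE.findall(line):
            ioc = match_ioc(token)
            if ioc:
                hits.append((number, normalize(token), ioc))
    return hits


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = """\
2024-01-30T09:14:02Z dns client=10.0.4.17 query=APP.alie3ksgaa.com. type=A
2024-01-30T09:14:05Z proxy client=10.0.4.17 CONNECT ji.alie3ksgdd.com:443
2024-01-30T09:15:11Z dns client=10.0.4.22 query=cdn.app.alie3ksgaa.com type=A
2024-01-30T09:16:40Z dns client=10.0.4.30 query=notapp.alie3ksgaa.com type=A
2024-01-30T09:17:02Z proxy client=10.0.4.31 GET http://app.alie3ksgaa.com.example.org/
2024-01-30T09:18:00Z ticket note: blocked ji[.]alie3ksgdd[.]com at the proxy
"""

if __name__ == "__main__":
    for number, host, ioc in scan(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {host} matches IOC {ioc}")
```

Lines 4 and 5 of the sample are deliberate near-misses: a plain substring search would flag both, while the label-boundary comparison does not.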