The rising threat of SYS01 infostealer: Navigating the malicious mad men of Facebook

New SYS01 Infostealer malware poses threat to Facebook Pages/Businesses

TechRadar · News by Shawn Kanady, published 30 September 2024

Infostealer attacks are becoming an increasingly serious threat. Over the past few years, infostealer malware has become the weapon of choice for cybercriminals: a low-hanging-fruit tactic for carrying out high-impact data breaches, favoured for its simplicity, wide availability, and low cost.

The Trustwave SpiderLabs Threat Intelligence team recently discovered a new version of the SYS01 infostealer during our ongoing research of malicious activity on Facebook. With over 2.9 billion monthly active users and 200 million business accounts on Facebook, this infostealer poses a significant risk.

In this campaign, attackers use malicious advertisements to deliver the infostealer, which steals account credentials to take over Facebook business and personal pages and harvests credentials, browsing history, and cookies from web browsers. The captured information can include saved credit card details, passwords for accounts on other sites, and more. This can then lead to further ripple effects, including disruption of business operations and financial loss.

Shawn Kanady, Global Director, SpiderLabs Threat Hunt Team, Trustwave.

Expanded Facebook User Targeting

SYS01 represents a new wave of infostealer malware with more sophisticated capabilities and evasion techniques, making it a formidable threat.

Since its emergence in March 2023, SYS01 has evolved dramatically. It was initially distributed through Facebook advertisements related to adult content and gaming; the new version, which has been operating since September 2023, now also uses ads for AI tools and Windows themes. This evolution strengthens SYS01's appearance of legitimacy and extends its reach to the general population, making it harder for users to identify and avoid malicious ads.

As this malware continues to evolve and target a larger pool of potential victims, organizations should implement filtering systems to analyze ad content for signs of malware or malicious intent to help mitigate risks. It's also crucial for employees to improve their own ability to recognize spoofed ads and maintain good cybersecurity hygiene by staying informed about the latest trends and tools used by cybercriminals.

The Adaptive Nature of SYS01

SYS01 can manipulate antivirus software configurations to avoid detection and persist on infected systems for extended periods, which makes it much harder for traditional security solutions to detect. It can also identify the virtualized environments that security researchers use for malware analysis, and alter its behavior or halt execution there to avoid discovery by security tools.
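One defensive response to the antivirus-tampering behaviour described above is to alert on antimalware configuration changes that weaken coverage. The script below is an added example written for this article, not code from Trustwave or TechRadar. The article does not name the antivirus product involved; the example assumes Microsoft Defender, whose Event ID 5007 ("configuration has changed") records old and new values of registry-backed settings. The log lines are constructed for the demonstration and their message layout is an approximation of that event, not captured telemetry; the set of "weakening" keys is an illustrative assumption, not an exhaustive list.

```python
"""Added example: flag Defender configuration changes that reduce protection.

Assumes text-exported lines of the Microsoft-Windows-Windows Defender/Operational
log. Sample lines are constructed; the message format approximates Event 5007.
"""
import re
from dataclasses import dataclass

# Registry key fragments whose appearance in a "New value" field means coverage
# was reduced. Illustrative assumption for this example, not a complete list.
WEAKENING_KEYS = {
    r"Exclusions\Paths": "exclusion path added",
    r"Exclusions\Processes": "process exclusion added",
    r"Exclusions\Extensions": "extension exclusion added",
    r"Real-Time Protection\DisableRealtimeMonitoring": "real-time protection disabled",
    r"SpyNet\SpynetReporting": "cloud reporting changed",
}

# Matches the "New value: <registry key> = <data>" tail of a 5007 message.
NEW_VALUE_RE = re.compile(r"New value:\s*(?P<key>[^=]+?)\s*=\s*(?P<val>\S+)")

# Constructed sample log (not real telemetry). Line 2 adds a path exclusion,
# line 3 turns real-time protection off, line 4 is a benign scan setting change.
SAMPLE_LOG = [
    "2024-09-30T10:12:01Z EventID=1150 Endpoint Protection client is up and running",
    "2024-09-30T10:12:44Z EventID=5007 Windows Defender Configuration has changed. "
    "Old value: New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths"
    "\\C:\\Users\\Public\\Libraries = 0x0",
    "2024-09-30T10:12:45Z EventID=5007 Windows Defender Configuration has changed. "
    "Old value: New value: HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
    "\\Real-Time Protection\\DisableRealtimeMonitoring = 0x1",
    "2024-09-30T10:13:02Z EventID=5007 Windows Defender Configuration has changed. "
    "Old value: New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Scan"
    "\\ScanParameters = 0x1",
]


@dataclass
class Finding:
    line_no: int   # 1-based index into the scanned log
    reason: str    # why the change weakens protection
    key: str       # registry key that changed
    value: str     # new data written to that key


def analyze(lines):
    """Return a Finding for every 5007 event whose new value weakens coverage."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        if "EventID=5007" not in line:
            continue
        match = NEW_VALUE_RE.search(line)
        if not match:
            continue
        key, value = match.group("key").strip(), match.group("val")
        for fragment, reason in WEAKENING_KEYS.items():
            if fragment.lower() not in key.lower():
                continue
            # DisableRealtimeMonitoring = 0x0 means protection is ON; not a finding.
            if fragment.endswith("DisableRealtimeMonitoring") and value == "0x0":
                continue
            findings.append(Finding(line_no, reason, key, value))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}: {f.key} = {f.value}")
```

Run against the constructed log, the script reports the exclusion-path addition and the real-time-protection change and stays silent on the scan-parameter change. In a real deployment the same rule would be fed from the Defender operational log or a SIEM export, and an exclusion or protection change that no administrator scheduled is the signal worth investigating.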
