New CopperStealer Malware Hijacks Social Media Accounts

Researchers with Proofpoint released details today on new undocumented malware called CopperStealer.  

CopperStealer has many of the same targeting and delivery methods as SilentFade, a Chinese-sourced malware family first reported by Facebook in 2019. Proofpoint believes Copperstealer is a previously undocumented family within the same class of malware as SilentFade.

The Copperstealer malware attempts to steal the account passwords to Facebook, Instagram, Google, and other major service providers, according to Proofpoint. The stolen passwords are used to run malicious ads for profit and spread more malware. 

"CopperStealer is going after big service provider logins like social media and search engine accounts to spread additional malware or other attacks," says Sherrod DeGrippo, senior director of threat research at Proofpoint. "These are commodities that can be sold or leveraged. Users should turn on two-factor authentication for their service providers."

Researchers were first alerted to the malware sample in late January. The earliest discovered samples date back to July 2019.  

"While we analyzed a sample that targets Facebook and Instagram business and advertiser accounts, we also identified additional versions that target other major service providers, including Apple, Amazon, Bing, Google, PayPal, Tumblr and Twitter," Proofpoint said in a blog post. 

The full post can be found here.