This new malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to its victims. The cybercriminals behind this malware are using compromised accounts to run malicious ads and deliver additional malware in subsequent advertising campaigns. CopperStealer works by harvesting passwords saved in Google Chrome, Firefox, Yandex, and Opera web browsers. It will also retrieve Facebook User access tokens to collect additional context, including lists of friends, advertisement info, and lists of pages that can be accessed. CopperStealer is being distributed via fake software crack sites and known malware distribution platforms including keygenninja[.]com, piratewares[.]com, startcrack[.]com, and crackheap[.]net. CopperStealer shows similar targeting and delivery methods to the SilentFade malware that is used to steal browser cookies and promote malicious ads via compromised Facebook accounts, leading to over $4 million in damages.
Since account stealing malware such as this provides passwords to scammers behind impersonation attacks and identity theft fraud, users are advised to turn on two-factor authentication whenever it is available. It is also advised that passwords never be shared across logins. Passwords should be unique to each account, and should be reasonably complex and random. Ideally, all passwords should be generated and stored by a password manager application.
Source Article: https://www.bleepingcomputer.com/news/security/new-copperstealer-malware-steals-google-apple-facebook-accounts/