This new malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader component that lets its operators deliver additional malicious payloads to victims. The cybercriminals behind it use the compromised accounts to run malicious ads and to deliver further malware in subsequent advertising campaigns.

CopperStealer harvests passwords saved in the Google Chrome, Firefox, Yandex, and Opera web browsers. It also retrieves Facebook user access tokens and uses them to collect additional context, including friend lists, advertising information, and the list of pages the account can access. CopperStealer is distributed via fake software crack sites and known malware distribution platforms, including keygenninja[.]com, piratewares[.]com, startcrack[.]com, and crackheap[.]net. Its targeting and delivery methods resemble those of the SilentFade malware, which stole browser cookies and promoted malicious ads through compromised Facebook accounts, causing over $4 million in damages.