Rewterz Threat Alert – Fabookie: A Stealthy InfoStealer Threat Targeting Facebook Accounts – Active IOCs

Severity

High

Analysis Summary

Fabookie is a trojan specifically designed to target Facebook accounts and steal sensitive information. This malicious threat operates by infecting computers and secretly harvesting valuable data without the user’s knowledge. One of the alarming aspects of infostealers like Fabookie is their ability to remain undetected for an extended period, making it difficult to detect their presence until it’s too late.

Once Fabookie infiltrates a computer system, it begins its malicious activities by silently collecting sensitive details from the infected device. Its primary focus is on stealing Facebook account information, including usernames, passwords, and other credentials associated with the social media platform. This stolen data can then be used by cybercriminals for various illicit purposes, such as unauthorized access to Facebook accounts, identity theft, or even selling the compromised accounts on underground markets.

The stealthy nature of infostealers like Fabookie makes it challenging for users to realize that their computer has been compromised. The trojan often operates discreetly in the background, evading detection by security software and remaining hidden from the user’s view. As a result, users may only become aware of the attack when they notice suspicious activity on their Facebook accounts or experience unauthorized access.

To protect against Fabookie and similar trojans, it is crucial to maintain a proactive and multi-layered approach to cybersecurity. This includes regularly updating antivirus software and operating systems, using strong and unique passwords for online accounts, enabling two-factor authentication for added security, and being cautious when interacting with unfamiliar links or downloading files from untrusted sources.

By remaining vigilant and implementing robust security measures, users can significantly reduce the chances of falling victim to Fabookie and protect their Facebook accounts and sensitive information from unauthorized access and misuse.

Impact

• Facebook Accounts Theft
• Sensitive Information Theft
• Credential Theft

Indicators of Compromise

MD5

• 8ad25c3f9afe964316793e21422c7cdd
• 3542f9fe5e390665d0a4dd4ee99c7ac8
• e0493eb151609418846b7b9f85b0e828
• ec26f3d39e4631f0b6aca3366bc3620a
• f28dac36f06299a8be8446ec1399bfc7
• d76a9b8e3f5c64f27e81543c218327bd
• ea11d0630e80d6352a12d2f6038e10cf

SHA-256

• 8b86217f459ed9cf84163cde1e053475537fba54fff6797cb000a3f806c7ec8c
• ae2ad7775613965fcbfafe90396130afb9754433bc7f9bd24f5e1b63c4d51167
• e760a431ae112201eafbbf9bda09a4edc3da36ec92ceef57eb76d587e6693eb7
• 55fae777d74a76aa182ace8254102c0c5a312e22d28628ac56561d79d19fc95d
• ba85ef6668b8a930e39c0f5988187d1931209706999c70aba86a635ac8c5086f
• c8d9d36cfd174f400bca54c388092d3cd03e36d4e4c11368fca86b09bac5cbed
• 2b21d02167f4e5bb4754d83bf9d69bcbd09b5a1507ab8045eaefb1980ecb989f

SHA-1

• 9c4c59332306264880171b1beb026e9c49f467c7
• 2b36de8442838a880a7a26718d7c0b630008f9b0
• 32cbf270b44eefdd76ce40b9a07e8fca69e284f7
• ec6ad15861d2bf3ca3bea06e8dabb654fc0bd6c0
• 42e53a9c744bdf5397ac0a73997d0d8fa5f98856
• a1c7ca2caaeb2308639946f60cf500a13beeff4a
• 68ebbf2da9c694c1dfc5fbcf424001073fb8ab6b

Remediation

• Block all threat indicators at your respective controls.
• Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Emails from unknown senders should always be treated with caution.
• Never trust or open links and attachments received from unknown sources/senders.
• Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
• Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.