Report

Facebook Malvertising Epidemic UNRAVELING A PERSISTENT THREAT: SYS01- PART 1

62 pages

The Trustwave SpiderLabs report on the Facebook Malvertising Epidemic details the SYS01 infostealer campaign, which began in 2022 and remains active. Initially spread through adult-themed and gaming ads, it now uses Windows themes and AI software lures on Facebook, YouTube, and LinkedIn. Attackers hijack or create business accounts to run fraudulent ads, redirecting victims to Google Sites or malicious domains that deliver disguised ZIP files containing the malware. SYS01 employs DLL sideloading, obfuscation, and sandbox evasion to steal browser data, credentials, and Facebook business tokens, enabling further spread and monetization. Its command-and-control infrastructure is resilient, using fallback via Google Sites and Telegram bots. The campaign shows how threat actors adapt tactics, e
