A sinister new trend in cybercrime tactics on Facebook has been discovered by Bitdefender Labs. Cookies and passwords are being stolen by hackers using a new virus called NodeStealer. Hackers can use this piece of code to steal your web browser data and access your Facebook account through JavaScript and Node.js.

The company uses cunning malvertising campaigns, which are fake ads that look like they come from Meta, the company that owns Facebook. Clicking on these ads actually downloads the NodeStealer virus, which then begins spying on your online activities.

It is not uncommon for hackers to post ads on Facebook with pictures of pretty girls in order to get you to click on them. But don’t be fooled. Those ads are actually hiding a nasty virus that steals your passwords and personal information.

According to Bitdefender researchers, at least 10 Facebook accounts belonging to businesses have been hacked and used to spread these ads. The ads have a link that says “Photo Album,” but when you click on it, a virus infects your computer. Once the file gets access to your browser cookies and passwords, hackers can gain access to your accounts.

There is a great deal of concern about the sheer reach of these campaigns. The Bitdefender analysis estimates 100,000 potential downloads, with one ad generating 15,000 downloads in just a 24-hour period. Males over 45 are disproportionately affected, highlighting the targeted nature of these attacks.

After being discovered by Meta’s security team in early 2023, NodeStealer has undergone a rapid and troubling transformation. Initially designed to steal browser cookies and take over large-scale accounts, the malware now boasts enhanced features enabling unauthorized access to additional platforms such as Gmail and Outlook.