www.itfunk.orgwww.itfunk.orgwww.itfunk.org
  • Home
  • Tech News
    Tech NewsShow More
    Under the Hood of Microsoft’s May 2025 Patch Tuesday: The CLFS and WinSock Problem Microsoft Can’t Seem to Fix
    7 Min Read
    The Hidden Sabotage: How Malicious Go Modules Quietly Crashed Linux Systems
    6 Min Read
    Agentic AI: The Next Frontier in Cybersecurity Defense and Risk​
    5 Min Read
    Cybersecurity CEO Arrested for Allegedly Installing Malware on Hospital Computers: A Stark Reminder of Insider Threats
    8 Min Read
    Cybercriminals Hijack Google’s Reputation
    7 Min Read
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How To Guides
    How To GuidesShow More
    Tasksche.exe Malware
    Nviqri Someq Utils Unwanted Application
    4 Min Read
    How to Deal With Rbx.fund Scam
    4 Min Read
    How to Jailbreak DeepSeek: Unlocking AI Without Restrictions
    4 Min Read
    Why Streaming Services Geo-Restrict Content?
    10 Min Read
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
    IT/Cybersecurity Best PracticesShow More
    Under the Hood of Microsoft’s May 2025 Patch Tuesday: The CLFS and WinSock Problem Microsoft Can’t Seem to Fix
    7 Min Read
    Affordable Endpoint Protection Platforms (EPP) for Small Businesses
    5 Min Read
    Outlaw Malware: A Persistent Threat Exploiting Linux Servers
    4 Min Read
    CVE-2024-48248: Critical NAKIVO Backup & Replication Flaw Actively Exploited—Patch Immediately
    6 Min Read
    How to Jailbreak DeepSeek: Unlocking AI Without Restrictions
    4 Min Read
  • FREE SCAN
  • Cybersecurity for Business
Search
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 ITFunk.org. All Rights Reserved.
Reading: How to Protect Your Facebook Account from the Info Stealer Known as SYS01?
Share
Notification Show More
Font ResizerAa
www.itfunk.orgwww.itfunk.org
Font ResizerAa
  • Tech News
  • How To Guides
  • Cyber Threats
  • Product Reviews
  • Cybersecurity for Business
  • Free Scan
Search
  • Home
  • Tech News
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How To Guides
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
  • Cybersecurity for Business
  • FREE SCAN
Follow US
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 ITFunk.org All Rights Reserved.
www.itfunk.org > Blog > Cyber Threats > How to Protect Your Facebook Account from the Info Stealer Known as SYS01?
Cyber Threats

How to Protect Your Facebook Account from the Info Stealer Known as SYS01?

ITFunk Research
Last updated: October 3, 2023 6:55 am
ITFunk Research
Share
How to Protect Your Facebook Account from the Info Stealer Known as SYS01?
SHARE

SYS01 is an Info Stealer that Targets the Facebook Accounts of Government Infrastructure Employees

Researchers specializing in cybersecurity have uncovered an information-stealing malware that specifically targets the Facebook accounts of employees working in critical government infrastructure. Known as Sys01 Stealer, this malware is distributed through sponsored advertisements on popular search engines and fake Facebook accounts promoting adult content, games, and cracked software. 

Once downloaded, the malware discreetly executes on the victim’s computer by utilizing DLL side-loading, a technique that evades detection by security software. We would like to  provide insights into the infection chain and the malicious capabilities of this threat.

The distribution and execution methods employed by Sys01 Stealer bear similarities to another malware called “S1deload Stealer,” which also focuses on stealing data from Facebook and YouTube accounts. The threat posed by such malware is substantial, as they are purposefully designed to pilfer sensitive information and possess the ability to bypass certain security measures.

Since November 2022, Sys01 Stealer has been targeting employees across different sectors, including government and manufacturing. Its primary objective is to extract sensitive data like login credentials, cookies, and Facebook ad and business account information from unsuspecting victims.

As mentioned, the attackers utilize multiple tactics to lure their targets, including deceptive advertisements or creating fictitious Facebook accounts. The ads and accounts contain URLs that lead to ZIP archives, supposedly containing movies, games, or applications. 

Within the ZIP archive, there is a loader—a legitimate application with a vulnerability in DLL side-loading—along with an unsafe library that undergoes side-loading. This library deploys the Inno-Setup installer, responsible for installing the final payload in the form of a PHP application. This application includes compromised scripts used for data harvesting and exfiltration.

Sys01 Stealer incorporates a PHP script to establish persistence by scheduling tasks on the infected system. The primary script with the information-stealing functionality has various capabilities. It can determine if the victim has a Facebook account and is logged in, download and execute files from a designated URL, upload files to a command-and-control server, and execute commands.

According to the analysis, the information stealer employs multiple programming languages, including Rust, Python, PHP, and advanced PHP encoders, to evade detection.

To mitigate the risk of infections from threats like Sys01 Stealer, it is highly recommended for organizations to implement a zero-trust policy, which would restrict employees’ rights to download and install programs. Zero-Trust is a security approach that ensures everyone, whether inside or outside an organization’s network, has to prove their identity, get permission, and constantly demonstrate their security settings and conditions to access applications and data. This means nobody is automatically trusted, and everyone must continually prove they are secure before accessing sensitive information. Also, educating employees about the techniques employed by threat actors and raising awareness to detect and avoid social engineering tactics is crucial in preventing such infections.

If you are still having trouble, consider contacting remote technical support options.

You Might Also Like

DrTuber.com Ads Virus
Recipio Adware
Desolator Ransomware (.desolated)
SyncAppFix Scam
pphouse3.fun
TAGGED:Facebook ThreatsInfo Stealers

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Copy Link Print
Share
Previous Article How to Protect Yourself Against the NEQP Ransomware Infection?
Next Article adware How to Deal with the Edge Adware?
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Think You're Infected? Let's Find Out – FAST.
SpyHunter identifies viruses, ransomware, and hidden threats in under a minute.
🛡️ Scan Your Device for Free
✅ Free Scan Available • ⭐ Catches malware instantly
//

Check in Daily for the best technology and Cybersecurity based content on the internet.

Quick Link

  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US

Support

Sign Up for Our Newesletter

Subscribe to our newsletter to get our newest articles instantly!

 

www.itfunk.orgwww.itfunk.org
© 2023 www.itfunk.org. All Rights Reserved.
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?