An Information Stealing Trojan on the Loose – Facebook Ads and Amazon to be First Targets

Will you ever think of a PDF reader software to steal data from your computer or laptop? Probably not, but beware from now on. An information-stealing Trojan is disguised as a PDF reader that steals the session cookies of Amazon and Facebook.

This is not it!

This Trojan also targets Facebook Ads to get all the sensitive information. MalwareHunterTeam found out that several websites are promoting this fake PDF reader. This software is issued to Rakete Content Gmbh by Sectigo ensuring that this software comes from a publisher.

VirusTotal detected that this Trojan is similar to Socelars, but in characteristics only. This Trojan is also like Stresspaint and AdKoob that steals Facebook data from different URLs. Even though one might feel that there is a lot of similarity between these Trojans, but Vitali Kremez ensured that there is not. It might be inspired by its predecessors, but this Trojan is a new type of infection.

The Trojan first targets Facebook Ads. Since we all know that elections are coming, which is why this Trojan can cause some serious damage. It has the ability to steal Facebook session cookies from Firefox and Chrome then leading to Facebook URLs.

When it’s done, the account ID and password of the user can be tracked down through account__billing. The data does not only consist of ID and access token, but also PayPal emails, account details, ad balances, and much more.

There has been much hype on curbing the political ads on the social media platform. Hence, these attackers can use this data to run their ad campaigns through these accounts.


The main focus of attackers is Facebook Ads; however, they are also stealing Amazon’s session cookies. This information will not be lead on to the Trojan to access further information; however, if it does then it can easily get its hands on to the user’s account.

Even though there are no active links of this PDF reader on the sites promoting it, but it can still be distributed via adware bundles. So, keep an eye on the programs while downloading them. These Trojans do not ring an alarm and work in silence. Better wise than to be late!



Read next: There’s a new virus in Google Chrome browser that not only steals user credentials but also sends it to a Database

No comments:

Post a Comment