Analyzing a Facebook Profile Stealer Written in Node.js

During previous analysis of a campaign involving a Facebook stealer, Trend Micro researchers discovered another interesting stealer. It was written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a command-and-control (C&C) server, and employed GraphQL as a channel for C&C communication. This blog entry investigates this new stealer and provides an in-depth analysis of its routines and capabilities.

Read more…
Source: Trend Micro