
CopperStealer

CopperStealer is spyware and a Trojan downloader that collects login credentials in order to turn victims' Web accounts into unauthorized advertising channels. Like SilentFade, CopperStealer targets Facebook users. CopperStealer also hijacks accounts for other services, such as Instagram. Users should let dedicated cyber-security products remove CopperStealer as soon as possible and reset any compromised passwords or other credentials.

Two Advertising Trojans with Suspicious Resemblances

Previous samples of SilentFade, a trojan derived from a China-based threat actor, show in great detail how hackers can use others' social media accounts to make money and manipulate Web traffic. What seems like an offshoot or close relative is now doing the same thing, but with extra support for even more demographics. The trojan-spyware combination, CopperStealer, continues attacking Facebook users but also hijacks accounts of other, equally popular services.

CopperStealer is circulating through software piracy websites that offer cracks for premium software and illicit media as free downloads. The download bundles various threats besides CopperStealer, including Potentially Unwanted Programs (PUPs) such as browser hijackers and adware. As usual, there is no visual indication of CopperStealer's installation.

CopperStealer then collects credentials for multiple accounts, including Facebook, Instagram, Google, and more. CopperStealer retrieves the login data from most browsers in widespread use, such as Chrome, Firefox and Edge. CopperStealer then proceeds to take over the account and turn it into an advertising delivery channel for traffic-based revenue.

Stopping the Big Collection from an Account Hijacker

Since CopperStealer collects password and cookie data directly from infected computers, the strength of one's login credentials has no impact on defending against it. Malware experts recommend enabling two-factor authentication (2FA) for all vulnerable accounts as an easy protection against attackers taking over accounts through misappropriated passwords. Since advertising content circulated by Trojans like CopperStealer has historically been linked to online tactics and attacks, users should avoid interacting with CopperStealer's promoted content as much as possible.

Its account-converting features are of great note, but CopperStealer also includes features that are more characteristic of the average Trojan. As a Trojan downloader, it may install other PC threats and contact a remote Command & Control server for two-way data transfer. Users should consider temporarily disabling Internet connectivity while dealing with CopperStealer infections.

CopperStealer's campaigns in the wild trace back as far as the middle of 2019. Users should regularly update the databases of their preferred anti-malware services to maximize detection rates, and should remove CopperStealer through these security solutions as soon as possible.

CopperStealer is a dangerously innovative twist in SilentFade's story, showing that it's not just a confined incident or a one-time project. As users' identities become more intertwined with the Internet, aspects of them may get subjected to never-before-seen indignities – all in the name of money.
