StealC Malware: New Phishing Wave Deceives Meta Users

Cybercriminals are using the novel FileFix technique to spread StealC malware, which can steal virtually all personal and financial data. Experts warn of a global wave of attacks.
A sophisticated phishing campaign targets social media users and spreads dangerous malware via fake account lockouts. What's special about it is that the attackers use a completely new method that tricks even experienced users.
Cybersecurity experts are warning of a global wave of attacks targeting Facebook and Instagram users. The perpetrators pose as Meta Support and threaten to block accounts to lure victims into installing the StealC malware. The malware can steal virtually all personal and financial data.
The attack begins with an email warning of an alleged account suspension within seven days. Fabricated policy violations are cited as the reason. To avoid the suspension, users are redirected to a deceptively realistic website that imitates an official Meta support page.
FileFix trick: When Windows Explorer becomes a trap
The insidious aspect of this campaign is the so-called FileFix method – a further development of known attack techniques. Instead of asking for passwords, the fake website instructs users to copy a supposed file path for an "incident report" and paste it into the address bar of Windows Explorer.
What looks like a harmless path is actually a disguised PowerShell command. Upon pasting and confirming, a multi-stage attack automatically launches – without any discernible download prompt or security warning. This method makes it difficult for even cautious users to detect the scam.
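From a defender's side, the behaviour described above leaves a distinctive trace in process-creation telemetry: a command shell whose parent process is explorer.exe, typically with switches meant to run silently. The following detection logic is an added example written for this article, not code from the article or from any vendor; the log records it runs over are constructed, the field names mirror those of Windows process-creation events, and the suspicious-argument patterns are an assumed starting set, not a claim about this campaign's exact command line.

```python
"""Flag FileFix-style launches: a shell spawned directly by explorer.exe.

Added example for illustration; the events below are constructed, not real
telemetry, and the argument patterns are an assumed starting list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record (fields as in Sysmon ID 1 / Windows 4688)."""
    parent_image: str
    image: str
    command_line: str


# Images that an address-bar paste typically ends up launching.
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Command-line fragments that are rare in interactive use but common in
# one-liners meant to run unnoticed and fetch a further stage (assumed set).
SUSPICIOUS_ARGS = (
    r"-w(?:indowstyle)?\s+hidden",
    r"-e(?:c|nc|ncodedcommand)?\s+[a-z0-9+/=]{20,}",
    r"\biex\b|invoke-expression",
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b",
    r"frombase64string",
)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles / and \\ separators)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: ProcessEvent) -> tuple[Optional[str], list[str]]:
    """Return (severity, reasons); severity is None when the rule does not fire.

    'medium': a shell was started by explorer.exe (consistent with an
              address-bar paste, but also with a user typing cmd).
    'high':   the same, plus at least one suspicious command-line switch.
    """
    if _basename(event.parent_image) != "explorer.exe":
        return None, []
    if _basename(event.image) not in SHELL_IMAGES:
        return None, []
    reasons = ["shell launched directly by explorer.exe (address-bar style launch)"]
    for pattern in SUSPICIOUS_ARGS:
        if re.search(pattern, event.command_line, re.IGNORECASE):
            reasons.append(f"command line matches /{pattern}/")
    severity = "high" if len(reasons) > 1 else "medium"
    return severity, reasons


def detect(events: list[ProcessEvent]) -> list[dict]:
    """Run the rule over a batch of events and return the alerts in order."""
    alerts = []
    for ev in events:
        severity, reasons = classify(ev)
        if severity is not None:
            alerts.append({"severity": severity, "image": _basename(ev.image),
                           "reasons": reasons})
    return alerts


# Constructed sample events (not captured from a real system).
SAMPLE_EVENTS = [
    # FileFix-style: a disguised "path" pasted into Explorer runs a hidden one-liner
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell.exe -w hidden -NoProfile -c "<constructed placeholder>"'),
    # Benign: user opened a document from Explorer
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
                 r'notepad.exe "C:\Users\alice\Documents\report.txt"'),
    # Interactive: user typed cmd into the address bar, no suspicious switches
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    # Scheduled maintenance script: not explorer-parented, out of scope for this rule
    ProcessEvent(r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"),
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["image"], "|", "; ".join(alert["reasons"]))
```

The parent-child relationship is the robust part of this rule: the command text can be obfuscated in many ways, but a shell started by explorer.exe with hidden-window or encoded-command switches is rare on a well-run workstation, so the "high" tier is worth an immediate look while the "medium" tier is better suited to hunting or baselining.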
The first command downloads seemingly harmless JPEG images from the Bitbucket code platform. However, the attackers use steganography to conceal additional malicious code and encrypted malware directly within the image files. This technique bypasses many conventional antivirus programs because signature-based scanners do not recognize a payload hidden inside an image.
StealC malware: Digital data theft on a large scale
The goal of the campaign is to install StealC – a particularly dangerous spyware program. The malware systematically scans browsers like Chrome and Firefox for saved passwords, usernames, and authentication cookies.
In addition, StealC steals credentials from messaging apps, cryptocurrency wallets, and VPN clients. The software also takes screenshots of desktop content and can download additional malware. According to security firm Acronis, the malware can "completely plunder your digital life" and enable identity theft and financial fraud.
Global threat with German victims
Analysis of the phishing sites reveals an international focus with multilingual support. Users in the US, Germany, the Philippines, and other countries have already been affected. The use of trusted hosting services like Bitbucket and sophisticated obfuscation techniques make detection significantly more difficult.
Security experts expect the FileFix method to be adopted by other cybercriminals due to its current effectiveness. As security software adapts, attackers will continually evolve their methods.
How to protect yourself from the threat
Rule number one: Never follow instructions from unsolicited emails that require copying and pasting commands into system dialogs.
Further protective measures:
– Check account status independently: log in directly via the official website or app instead of following links in emails
– Check sender addresses carefully for signs of forgery
– Enable two-factor authentication for all important accounts
– Keep security software and operating system up to date
Those who remain suspicious and critically examine unexpected, urgent messages can significantly reduce the risk. Even the most sophisticated phishing campaign only works if users take the first step.
ad-hoc-news