Proofpoint researchers say it steals logins and spreads more malware.

Dark Reading Staff, Dark Reading

March 19, 2021

1 Min Read

Researchers with Proofpoint released details today on new undocumented malware called CopperStealer.  

CopperStealer has many of the same targeting and delivery methods as SilentFade, a Chinese-sourced malware family first reported by Facebook in 2019. Proofpoint believes Copperstealer is a previously undocumented family within the same class of malware as SilentFade.

The Copperstealer malware attempts to steal the account passwords to Facebook, Instagram, Google, and other major service providers, according to Proofpoint. The stolen passwords are used to run malicious ads for profit and spread more malware. 

"CopperStealer is going after big service provider logins like social media and search engine accounts to spread additional malware or other attacks," says Sherrod DeGrippo, senior director of threat research at Proofpoint. "These are commodities that can be sold or leveraged. Users should turn on two-factor authentication for their service providers."

Researchers were first alerted to the malware sample in late January. The earliest discovered samples date back to July 2019.  

"While we analyzed a sample that targets Facebook and Instagram business and advertiser accounts, we also identified additional versions that target other major service providers, including Apple, Amazon, Bing, Google, PayPal, Tumblr and Twitter," Proofpoint said in a blog post. 

The full post can be found here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights