Kaspersky Unveils Startling Facebook Credential Theft Campaign

Unmasking the Threat

In a shocking revelation, Kaspersky’s Global Research and Analysis Team (GReAT) has spotlighted a sophisticated new malicious campaign targeting Facebook users worldwide. Since late August 2025, digital criminals have wielded the potent StealC v2 infostealer—a malicious software capable of harvesting passwords and private account data from victims’ devices with insidious precision.

A Global Exploitation

The campaign is no isolated incident. Over 400 manifestations have been documented across diverse regions, notably in Jordan, Yemen, Qatar, and Lebanon. It initially lures unsuspecting Facebook users with seemingly benign messages, eerily camouflaged as notifications warning that their accounts are at risk of being disabled.

The Deceptive Tactics

With cunning deceit, the malicious message leads users to a faux support page puffed up with faux legitimacy. Clicking on this phishing trap with hopes of “regaining account access” activates a treacherous string—triggering the download of the StealC v2 malware. This Malware-as-a-Service intricately pilfers passwords, cookies, cryptocurrency data, and even screenshots from your device, undermining both personal and business affairs.

Expert Insights and Resonance

Renowned expert Marc Rivero, part of Kaspersky’s GReAT, has weighed in on the psychological facets of these assaults, warning, “Cybercriminals often prey on users’ fear and urgency, prompting rash actions that compromise cybersecurity defenses. Extreme vigilance in scrutinizing message authenticity is a user’s most primal defense mechanism.”

Evolution of StealC v2

Originating from dark web shadows in 2023, the StealC malware carved its nefarious niche, becoming a preferred selection among cybercriminals due to its simplicity and capabilities. Its revamped iteration, StealC v2, now transcends mere theft; it constitutes an elevated danger unique in its exploitation strength and ease of access.

Protection Strategies

Kaspersky advocates a sharp eye for discerning phishing cues—from typo-laden URLs to pressured phrasing in email content. For comprehensive protection, integrating tools like Kaspersky Next and Premium can staunchly guard against these digital attack vectors, sharply edifying digital resilience.

The disturbing emergence of StealC v2 as articulated by Kaspersky marks an era where vigilance will be tantamount. As stated in TahawulTech.com, “Awareness is our frontline defense in a digitally volatile universe.”