Restore Privacy
New ‘Album Stealer’ Attack Tricks Facebook Users Into Installing Malware

January 23, 2023 By Heinrich Long — 4 Comments

Zscaler has spotted a new attack targeting Facebook users that uses a previously unknown malware named ‘Album Stealer’.

The attack uses adult images to trick Facebook users into downloading a malicious ZIP archive and, in effect, infecting themselves with information-stealing malware.

The adversaries’ goal is to steal Facebook credentials and take over accounts, particularly Business accounts that have access to ad and marketing campaigns. The threat actors use that access to run malicious campaigns for their own benefit, directing the ad-generated revenue to their bank accounts.

Facebook Attack Chain

The attack begins with the threat actors using fake Facebook profile pages containing adult images of women to lure users into clicking on them. Those profiles contain a link to an archive that supposedly contains an album of more pictures.

Clicking that link downloads a ZIP archive hosted on Microsoft OneDrive; using a legitimate cloud service helps the download avoid anti-virus warnings. The archive contains an executable named Album.exe, a malicious DLL, and a .dat file.

[Figure: The ZIP file distributed via legitimate cloud services such as OneDrive. Source: Zscaler]

Album.exe is actually a PDF viewer executable that side-loads the malicious DLL, which starts the malware loading process. The executable also runs a self-extracting archive containing images of women, which serve as a decoy.

Meanwhile, in the background, the malware adds new registry keys to establish persistence on the system and continues the infection chain by loading several additional executables, each downloaded in turn.

Finally, Album Stealer is loaded onto the system, collecting data from the compromised computer and sending it to the command and control server.

[Figure: The ‘Album Stealer’ malware attack chain. Source: Zscaler]
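The archive layout described above (a signed-looking executable shipped next to a DLL it will side-load, plus an opaque data file) is a pattern a defender can check for before anything is run. The following is an added example written for this article, not Zscaler's or Restore Privacy's code: a small Python triage routine that inspects a ZIP in memory and flags executables, DLLs co-located with executables, and PE files hiding behind non-executable extensions. The sample archive is constructed with placeholder bytes; the write-up does not say whether the real .dat file was a PE, so that part of the sample is an assumption added only to exercise the check.

```python
import io
import os
import zipfile

# Extensions Windows will run directly, and the library extension an
# executable may side-load from its own directory.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
LIBRARY_EXTS = {".dll"}
PE_MAGIC = b"MZ"  # first two bytes of every PE (DOS header)


def build_sample_zip() -> bytes:
    """Constructed sample mimicking the layout in the write-up: an executable,
    a DLL next to it, and a .dat file. Contents are placeholder bytes, not
    real binaries. The PE header inside config.dat is an assumption added to
    exercise that check; the article does not describe the real .dat file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Album/Album.exe", PE_MAGIC + b"\x00" * 62 + b"placeholder")
        zf.writestr("Album/helper.dll", PE_MAGIC + b"\x00" * 62 + b"placeholder")
        zf.writestr("Album/config.dat", PE_MAGIC + b"\x00" * 62 + b"placeholder")
        zf.writestr("Album/readme.txt", b"nothing to see here")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed control sample: an archive that really is just pictures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics/1.jpg", b"\xff\xd8\xff\xe0 fake jpeg bytes")
        zf.writestr("pics/2.jpg", b"\xff\xd8\xff\xe0 fake jpeg bytes")
    return buf.getvalue()


def triage_zip(data: bytes) -> dict:
    """Return {'suspicious': bool, 'findings': [str]} for a ZIP given as bytes."""
    findings = []
    members_by_dir = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # zipfile always uses '/' as the member path separator.
            directory, _, base = info.filename.rpartition("/")
            ext = os.path.splitext(base)[1].lower()
            with zf.open(info) as fh:
                is_pe = fh.read(2) == PE_MAGIC
            members_by_dir.setdefault(directory, []).append((base, ext, is_pe))
            if ext in EXECUTABLE_EXTS:
                findings.append(f"executable member: {info.filename}")
            if is_pe and ext not in EXECUTABLE_EXTS | LIBRARY_EXTS:
                findings.append(f"PE header behind non-executable extension: {info.filename}")
    # An executable shipped in the same directory as a DLL is the classic
    # DLL side-loading bundle: the loader resolves the DLL from its own
    # directory before the system paths.
    for directory, members in members_by_dir.items():
        exes = [b for b, e, _ in members if e in EXECUTABLE_EXTS]
        dlls = [b for b, e, _ in members if e in LIBRARY_EXTS]
        if exes and dlls:
            findings.append(
                f"DLL side-loading candidate in '{directory or '.'}': "
                f"{', '.join(exes)} shipped with {', '.join(dlls)}"
            )
    return {"suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for label, archive in (("sample", build_sample_zip()), ("benign", build_benign_zip())):
        result = triage_zip(archive)
        print(label, "->", "suspicious" if result["suspicious"] else "clean")
        for finding in result["findings"]:
            print("  ", finding)
```

The check is deliberately content-agnostic: it reads only the first two bytes of each member, so it works on archives of any size and does not need signature updates. It cannot tell a malicious bundle from a legitimate portable application that ships its own DLLs, which is why it is a triage flag for a human or sandbox, not a verdict.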

Album Stealer Targets

As an info-stealing malware, Album Stealer targets valuable user data such as account credentials, cookies, and login data stored by web browsers like Chrome, Opera, Brave, Edge, and Firefox.

[Figure: Stealing account credentials from Chrome. Source: Zscaler]

What sets it apart from other commonly used info-stealers is that, instead of looking up static paths on the compromised computer, it searches for file names.

This makes its scanning slower, but gives it more precise targeting, reducing false positives and unnecessary data uploads to the C2.
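The name-based search described above has a defensive mirror image: a detection rule that keys on the file name of a browser credential store rather than its expected path will catch reads of stores in non-default profile directories too. The following is an added example written for this article, not code from Zscaler or Restore Privacy: a Python routine that parses constructed file-access events (a simple "timestamp|process image|target file" format assumed here; a real deployment would read endpoint telemetry) and alerts when a process other than a known browser reads a credential or cookie store.

```python
import re
from dataclasses import dataclass

# Basenames of browser credential and cookie stores (Chromium family and Firefox).
# Matching on basename, not path, is the point: profile directories vary.
CREDENTIAL_STORE_NAMES = {
    "login data", "cookies", "web data",      # Chromium-based browsers
    "logins.json", "key4.db", "cookies.sqlite",  # Firefox
}

# Processes expected to touch those files; anything else reading them is an alert.
TRUSTED_BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}

# Constructed sample events (timestamp|process image|target file). Not real telemetry.
SAMPLE_EVENTS = r"""
2023-01-23T10:15:02Z|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2023-01-23T10:16:40Z|C:\Users\alice\Downloads\Album\Album.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2023-01-23T10:16:41Z|C:\Users\alice\Downloads\Album\Album.exe|D:\Profiles\work-ff\cookies.sqlite
2023-01-23T10:17:05Z|C:\Users\alice\Downloads\Album\Album.exe|C:\Users\alice\Pictures\holiday.jpg
2023-01-23T10:18:00Z|C:\Program Files\Mozilla Firefox\firefox.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json
"""


@dataclass
class FileEvent:
    ts: str
    image: str
    target: str


def basename(path: str) -> str:
    """Last path component, accepting either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def parse_events(text: str) -> list:
    """Parse the pipe-separated sample format; malformed lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue
        events.append(FileEvent(*parts))
    return events


def detect_credential_store_access(events) -> list:
    """Alert on any non-browser process reading a browser credential store,
    wherever on disk that store lives."""
    alerts = []
    for ev in events:
        if basename(ev.target).lower() not in CREDENTIAL_STORE_NAMES:
            continue
        if basename(ev.image).lower() in TRUSTED_BROWSER_IMAGES:
            continue
        alerts.append(f"{ev.ts} {ev.image} read browser credential store {ev.target}")
    return alerts


def run_detection(text: str = SAMPLE_EVENTS) -> list:
    return detect_credential_store_access(parse_events(text))


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

On the sample the rule fires twice, both for Album.exe, including the read of a cookie store in a non-default profile directory that a path-based rule would miss. The allowlist is matched on the image's basename for brevity; a production rule should require the trusted image to sit under its installation path or carry the vendor's code signature, since a dropper can simply be named chrome.exe.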

Moreover, Album Stealer focuses on Facebook accounts in particular: if it extracts credentials for the platform, it uses the Facebook Graph API to obtain additional information about business and ad-management accounts.

The Album Stealer attack is a passive one that waits for victims to make the first move themselves. It is still a significant threat, however, because of its potential to lure large numbers of victims.

Facebook users are advised to avoid downloading archives from links listed on the platform, especially when these come from people they don’t know.

About Heinrich Long

Heinrich is an associate editor for RestorePrivacy and veteran expert in the digital privacy field. He was born in a small town in the Midwest (USA) before setting sail for offshore destinations. Although he long chafed at the global loss of online privacy, after Edward Snowden’s revelations in 2013, Heinrich realized it was time to join the good fight for digital privacy rights. Heinrich enjoys traveling the world, while also keeping his location and digital tracks covered.

Comments

  1. Hello

    January 26, 2023

    @Sven

    Can we get some deets on ChatGPT? They seem to be selling users data including mobile numbers. You can’t use their service unless you register a legitimate mobile number. VoIP and even Google Voice numbers don’t work. One can argue the same about Telegram and other secure chat protocols.

  2. BoBeX

    January 25, 2023

    Hi @Harmonious Mind,
    I think you make many good and valid remarks.

    What is common amongst security / privacy people is the use of a model, ‘the threat model.’
    This means that everyone’s circumstances and security / privacy needs are different.
    I feel this is very well outlined here:
    https://www.youtube.com/watch?v=8MIIeIa25tE

    GL,

  3. Harmonious Mind

    January 24, 2023

    Also there should be open discussion and no censorship. Censorship is wrong and an extreme measure which should not normally be taken. Like for example there is vaccine censorship, censorship when speaking against Islam etc. This is not good and a sign of decay.
    But censorship is not online privacy. It is about community and interaction. And there need to be transparency too, in government, in people. Privacy is basic dignity and personal space for growth which can be preserved in a strong and enlightened society.
    So what we need is more open mindedness and depth of discussion and understanding, both within and without, not isolation, being uprooted and decay. So privacy should also be taken in the right context of individual dignity and growth, not a license to personal vices and being harmful to people and life.

    Technically privacy is a part of security. So there is no privacy without security. And security is bigger and includes privacy. Just by practicing security in its entirety including lack of personally identifiable information and zero trust architecture one ensures privacy by default.

  4. Harmonious Mind.

    January 24, 2023

    @Sven Sir it is important to revisit why are we emphasizing and at times paranoid about online privacy.

    One need not take such extreme steps to ensure online privacy that one gets more insecure by using unvetted products and also losing convenience at the same time.

    In the US the Government and three-letter agencies do not violate human rights and are not evil. They need a warrant to get data from private entities. And it is indeed very much required to protect children from exploitation and keep away extremists, particularly Islamic Terrorism. A better way to ensure privacy and security would be to make the atmosphere of society open to discussion on taboos surrounding such things. So that governments, which are the collective power and voice of the people, need not take such investigations. Again they are not evil and not being unreasonable.

    Further, advice like not using Microsoft Windows and Google’s Android is not good advice without having good alternatives. These platforms are secure and well examined. Operating Systems are extremely complex pieces of code. A cyber security person told me that Linux is 10 years behind Windows in security, and while vulnerabilities on Windows get fixed and are somewhat reducing, on Linux they have been increasing. This is about critical software vulnerabilities, not kiddie malware.

    The data collection on these platforms and from their first-party services is indeed used for sales and marketing. This is data monetisation. But they don’t target each person individually. There are cohorts and categorisation for a few thousand people, I believe 6,000, including Apple and Facebook.

    The issue can arise when there is a breach of data. That data is mostly anonymous, though it may not be very difficult to deanonymise that data sometimes, which a cyber criminal can later use to target someone. Here we have to take care to use services which have a great track record of protecting user data and no history of data breaches. As Mrwhodetheboss says when he reviewed a Linux smartphone, such monetisation indeed helps to make the internet what it is and helps make free services available to people, like his free quality videos, and helps him earn a living, and there is no proof or experience that this is very harmful for a person or society in practical life in the real world.
    Then, one can pay for services and that makes service providers free from reliance on data monetisation. I also avoid advertisements by paying for services.

    So Gmail and Outlook are more secure and convenient and reliable and robust. Same for OneDrive and Google Drive, Windows and Android, Docs and Office etc. They are not private like Tails OS and GrapheneOS but certainly more secure and do not violate individual dignity; they are not absolutely non-private but approximately, and are reasonably safe with industry-leading security practices in place for securing that data.
    Then, it really depends on the type of services one uses that determines data collection, so I do prefer alternative services which can be cheaper and more convenient or desirable or even more secure too, like a 3rd party password manager or antivirus rather than Edge or Chrome’s built-in password manager or Google Play Protect and Microsoft Windows Defender.

    So all in all, what one really needs to be careful about as far as digital life is concerned is safe social media usage, and one should practice good cyber security habits.
    There is a place for websites like Restore Privacy which make people aware of good cyber security hygiene and security practices, ignoring their paranoia that someone is spying on you or that Google and Microsoft are evil and an outright threat and that Governments are evil. Not exactly friends though. Big companies have their commercial interests and are also passionate about what they do. The danger lies in “isms” like Islamism, Communism and other such ideologies which have a verifiable record of mass destruction.

    Just as with things like social media influencers, or toxic online gaming communities, or strange things like audiophiles or some of the animal rights groups and environmental groups which may not really help that much, there is a community of online privacy advocates with varying degrees of beliefs and understanding and threat level: NBTV, Rob Braxman, Techlore, Restore Privacy etc etc. Some of their advice can be useful and very much a reality and necessity in countries like China and Russia. One still needs to take care of app permissions and keep a watch on the services we use and the companies which provide them. Times also change and are never constant. But some of their beliefs and advice are inaccurate and sometimes not useful.


COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP