Warning about a new campaign to steal login details via Facebook

02 September 2025

Since late August 2025, Kaspersky’s Global Research and Analysis Team (GReAT) has identified a new malicious campaign leveraging the infostealer StealC v2, a malware designed to steal passwords and other account information. The campaign appears to be spreading via Facebook messages, with over 400 incidents recorded so far across multiple countries, including Greece and other parts of Europe.

Facebook users are receiving messages containing links disguised as account suspension alerts as part of this malicious campaign.

Clicking the link opens a fake support page claiming that the user’s account has been suspended due to suspicious activity. To “restore access,” users are prompted to click the “Appeal” button, which initiates the download of a malicious payload installing StealC v2—a dangerous Malware-as-a-Service—on the victim’s device. The malware itself steals passwords, cookies, screenshots, and cryptocurrency wallet data.

“Cybercriminals often exploit the fear of losing access and create a sense of urgency, pressuring users to act without thinking. This increases the risk of infection by malware like StealC v2. Vigilance and verifying the authenticity of any message before clicking are critical security practices,” said Marc Rivero, Head of Security Research at Kaspersky GReAT.

StealC v2, first observed in 2025, is an upgraded version of the original StealC, which appeared in 2023 on dark web platforms and quickly became popular among cybercriminals due to its ease of use and wide availability.

To protect against phishing attacks, Kaspersky recommends that users of both corporate and personal accounts keep the following in mind:

  • Check hyperlinks carefully. Emails and websites sometimes closely mimic legitimate ones, depending on how well-prepared the attackers are. However, the hyperlinks are often incorrect, contain spelling mistakes, or may redirect you to a different site.
  • Be cautious of messages creating a sense of urgency or containing threats. Cybercriminals try to pressure you into hasty actions, such as changing passwords or providing personal information.
  • Verify any unsolicited message, call, or link, even if it appears legitimate. Never share two-factor authentication (2FA) codes.
  • Protect yourself effectively with Kaspersky Next (for businesses) or Kaspersky Premium (for individuals), which offer advanced phishing detection and blocking capabilities.