StealC v2 malware spreads through fake Facebook support messages
- philviles
- Sep 5
A new wave of phishing attacks is doing the rounds on Facebook, and it’s targeting users with cleverly disguised “support” messages.

Security researchers at Kaspersky recently uncovered the campaign, which installs StealC v2, a credential-stealing malware designed to siphon off login details, browser data, and even cryptocurrency wallets.
Since late August, more than 400 incidents have already been reported, with most victims located in Turkey, India, and Indonesia. But that does not mean Brits can discount the campaign and turn a blind eye to it.
What’s Happening?
Cybercriminals are exploiting one of the oldest tricks in the book: fear. The phishing campaign begins with a Facebook message that looks like an official notification, warning users that their account has been suspended due to suspicious activity.
These messages redirect victims to fake support pages that mimic Facebook’s legitimate design. Once there, users are urged to click an “Appeal” button to restore their account. But instead of resolving anything, that click downloads a malicious script that silently installs StealC v2 on the victim’s device.
Why StealC v2 Matters
StealC isn’t new. Its first version surfaced on dark web marketplaces in 2023. But v2 is an upgraded release and is now distributed under a Malware-as-a-Service (MaaS) model. That means virtually any cybercriminal can rent or buy access to it, making attacks easier to launch and harder to contain.
Once installed, StealC v2 can:
- Harvest passwords and cookies from browsers
- Capture screenshots of your activity
- Steal data from cryptocurrency wallets
Marc Rivero, lead security researcher at Kaspersky, explains:
“Cybercriminals often exploit users’ fear of losing account access and a perceived sense of urgency. This pressure can lead individuals to act without caution, increasing the risk of infection.”
Not the First Time
This campaign is part of a wider trend. Similar phishing-as-a-service (PhaaS) scams surged in 2024, making professional-level scams available to less sophisticated attackers. Earlier studies showed that 62% of Facebook users have encountered a scam, with fake support messages becoming a common tactic against both personal and business accounts.
How to Protect Yourself
While these attacks are getting more sophisticated, a few smart habits can drastically reduce your risk:
- Scrutinise links – watch for odd spellings, redirects, or anything that looks slightly off.
- Don’t act on urgency – Facebook will never threaten to suspend your account via private message.
- Protect 2FA codes – never share them outside of the official login process.
- Verify alerts – go directly to Facebook’s official support pages instead of clicking on suspicious links.
We have more on how to spot phishing scams in a recent blog post.
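To make the "scrutinise links" and "verify alerts" advice concrete, here is an added example (not from the original post or from Kaspersky) that checks whether a link's real host is an official Facebook domain and rejects the lookalike forms that pass a casual glance. The allow-list, the function name `check_link`, and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains a genuine Facebook link would use.
OFFICIAL_DOMAINS = ("facebook.com", "fb.com")


def check_link(url):
    """Return (trusted, reason) for a link received in a message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' is userinfo, not the host"
    if not host:
        return False, "no host"
    # Punycode or non-ASCII labels can render as lookalike letters.
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return False, "internationalised host"
    for domain in OFFICIAL_DOMAINS:
        # Match the whole host or a dot-separated subdomain, never a bare
        # suffix: "notfacebook.com" must not pass as "facebook.com".
        if host == domain or host.endswith("." + domain):
            return True, "official domain " + domain
    return False, "host is not an official domain"


# Constructed sample links (not indicators from the campaign).
SAMPLES = [
    "https://www.facebook.com/help",
    "https://facebook.com.account-appeal.example/appeal",
    "https://facebook.com@appeal.example/appeal",
    "https://notfacebook.com/appeal",
    "https://xn--facebook-constructed.example/appeal",
    "http://facebook.com/appeal",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print(("OK   " if trusted else "BLOCK"), link, "->", reason)
```

The check covers the host only; it says nothing about where a redirect on a trusted host leads, so going directly to the official site remains the safer habit.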
Bottom Line
The rise of StealC v2 shows how quickly cybercriminals adapt and refine their methods. With phishing kits and malware available as services, scams like these are becoming more widespread. Staying alert, sceptical of unsolicited messages, and verifying through official channels remains the best defence.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).