Since late August 2025, the Kaspersky Global Research and Analysis Team (GReAT) (www.Kaspersky.co.za) has been observing a new malicious campaign leveraging a stealer — a type of malware designed to steal passwords and other account information. The StealC v2 infostealer is being spread through Facebook messages. More than 400 incidents have been identified to date, targeting users across multiple countries, including confirmed cases in Kenya, Angola, Ethiopia, Niger, Uganda and Zambia, among other African* countries.
As part of this attack, Facebook users receive messages containing a link disguised as a notification that their account has been blocked.
Clicking the link opens a fake support page claiming that the user’s account has been blocked due to suspicious activity. To “restore access,” users are prompted to use the “Appeal” button, which initiates the download of a malicious script that installs StealC v2, a dangerous piece of malware offered under a Malware-as-a-Service model, on the victim’s device. The malware steals passwords, cookies, screenshots and cryptocurrency wallet data.
“Cybercriminals often exploit users’ fear of losing account access and a perceived sense of urgency. This pressure can lead individuals to act without caution, increasing the risk of infection by malware such as StealC v2. Users should remain vigilant and always verify the authenticity of messages before clicking any links,” comments Marc Rivero, lead security researcher at Kaspersky’s Global Research and Analysis Team.
StealC v2, first observed in 2025, significantly enhances the malware’s capabilities and elevates the risk to both individual and corporate users. The original StealC, which emerged in 2023 on dark web platforms, quickly became a sought-after tool among cybercriminals thanks to its accessibility, capabilities and ease of access.
To protect against phishing, Kaspersky recommends that corporate and individual users:
- Practice caution when clicking links. Emails and websites can look just like the real ones, depending on how well the criminals did their homework. The hyperlinks, however, will most likely be incorrect or contain spelling mistakes, or they may redirect you to a different place.
- Look out for urgency or threats. Phishing attempts frequently try to create a sense of urgency or fear. Be cautious of emails demanding immediate action, such as changing a password or providing personal information.
- Verify unsolicited messages, calls, or links, even if they appear legitimate. Never share 2FA codes.
- Use Kaspersky Next (https://apo-opa.co/42lrs13) (in corporate environments) or Kaspersky Premium (https://apo-opa.co/4nr4ga5) (for individual use) to block phishing attempts.
Reference:
* Kaspersky identified confirmed cases of the StealC v2 infostealer in Africa in Angola, Benin, Burkina Faso, Chad, Egypt, Ethiopia, Gabon, Kenya, Libya, Madagascar, Mali, Morocco, Mozambique, Niger, Tunisia, Uganda, Zaire, Zambia. There were also confirmed cases in other regions of the world.
Distributed by APO Group on behalf of Kaspersky.