What happened
Security analysts have identified Socelars, an information-stealing Trojan that actively targets Windows systems to harvest authenticated session data, particularly browser cookies, and uses it to take over accounts on business platforms such as Facebook Ads Manager and Amazon.
Who is affected
Enterprises and organizations with Windows endpoints face heightened risk, especially those that rely on web-based business services, digital advertising platforms, and e-commerce accounts: stolen session data lets an attacker take over those accounts without a fresh login.
Why CISOs should care
Unlike disruptive ransomware, Socelars operates stealthily, exfiltrating active session cookies and authentication tokens. Because the victim's session was already authenticated on the endpoint, replaying a stolen cookie lets an attacker impersonate the user without a password reset alert or an MFA challenge. That makes it a significant threat to business continuity, financial controls, and brand integrity across digital marketing and commerce environments.
3 practical actions
- Harden endpoint defenses: Deploy detection capable of identifying and blocking session-stealing behavior (for example, a non-browser process reading or copying a browser's cookie or credential store), and ensure regular scanning of all Windows endpoints.
- Reduce session exposure: Enforce strict session management policies (shorter cookie lifetimes, conditional access controls, and frequent session invalidation) to limit the value of harvested session tokens, and revoke active sessions for any user whose endpoint is found infected.
- User and admin training: Educate teams to avoid unverified downloads and phishing lures (e.g., fake PDF reader installers), and apply least-privilege principles to curb the malware's ability to escalate privileges.
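The first action above asks for detection of session-stealing behavior. The following is an added example, not part of the original brief, showing the core of such a rule: flag any process that is not a known browser opening a browser cookie or credential store. The telemetry format (JSON lines with `Image`, `TargetFilename` and `EventType` fields) and the sample events are constructed for the example and are not a real Sysmon or EDR schema; the list of browser executables and store paths is an assumption to adapt per estate.

```python
"""Added example: flag non-browser processes that touch browser cookie and
credential stores on Windows, the file-access pattern that session-stealing
infostealers depend on.

The telemetry format is a constructed, simplified JSON-lines feed with the
fields Image, TargetFilename and EventType.  It is not a real Sysmon or EDR
schema; map your own source's field names when adapting it.
"""
import json
import ntpath
from typing import Dict, Iterable, List, Optional

# Browsers expected to open their own profile stores.  Assumption for this
# example: nothing else on the endpoint has a legitimate reason to read them.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Case-insensitive path suffixes of the stores an infostealer goes after.
COOKIE_STORE_SUFFIXES = (
    r"\network\cookies",   # Chromium-based browsers, current profile layout
    r"\cookies",           # Chromium-based browsers, older layout
    r"\login data",        # Chromium saved credentials
    r"\cookies.sqlite",    # Firefox session cookies
    r"\logins.json",       # Firefox saved credentials
)


def is_cookie_store(path: str) -> bool:
    """True when the path ends in one of the watched store file names."""
    lowered = path.lower()
    return any(lowered.endswith(suffix) for suffix in COOKIE_STORE_SUFFIXES)


def is_browser_image(image: str) -> bool:
    """Compare only the executable name; ntpath handles backslashes on any OS."""
    return ntpath.basename(image).lower() in BROWSER_IMAGES


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return 'suspicious', 'benign', or None when the event is unrelated."""
    if not is_cookie_store(event.get("TargetFilename", "")):
        return None
    if is_browser_image(event.get("Image", "")):
        return "benign"
    # Any other image reading or copying a store is worth an alert; stealers
    # commonly copy the locked DB to a temp file before parsing it.
    return "suspicious"


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse JSON-lines telemetry and return the suspicious events as alerts."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than stop the pipeline
        if classify(event) == "suspicious":
            alerts.append({
                "image": event.get("Image", ""),
                "target": event.get("TargetFilename", ""),
                "type": event.get("EventType", ""),
            })
    return alerts


# Constructed sample events (not captured data).  Event 2 mimics a fake "PDF
# reader" installer launched from %TEMP%; event 4 mimics a LOLBin used as a
# loader.  Events 1 and 5 are the browsers opening their own stores.
SAMPLE_TELEMETRY = [
    json.dumps({"EventType": "FileRead",
                "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                "TargetFilename": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"}),
    json.dumps({"EventType": "FileRead",
                "Image": r"C:\Users\alice\AppData\Local\Temp\pdfreader_setup.exe",
                "TargetFilename": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"}),
    json.dumps({"EventType": "FileRead",
                "Image": r"C:\Windows\System32\notepad.exe",
                "TargetFilename": r"C:\Users\alice\Documents\notes.txt"}),
    json.dumps({"EventType": "FileCreate",
                "Image": r"C:\Windows\System32\rundll32.exe",
                "TargetFilename": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\cookies.sqlite"}),
    json.dumps({"EventType": "FileRead",
                "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
                "TargetFilename": r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"}),
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_TELEMETRY):
        print(f"[ALERT] {alert['type']}: {alert['image']} -> {alert['target']}")
```

Two caveats when turning this into a production rule: a browser executable name is trivially spoofable, so pair the image allow-list with a signer or path check from your EDR, and backup agents or sync clients that legitimately read profile directories need explicit exclusions rather than a broader allow-list.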
