NodeStealer is an information-stealing malware that primarily targets Facebook business accounts and cryptocurrency wallets. It has been active since at least July 2022 and was first exposed by Meta in May 2023. The malware is distributed through various methods, including downloading and extracting files, and it sets persistence by adding registry run keys.