
New S1deload Stealer malware hijacks YouTube, Facebook accounts
2023-02-22 17:27

An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency.

Security researchers with Bitdefender's Advanced Threat Control team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL sideloading for evading detection.

If the user downloads one of the linked archives, they will instead get an executable signed with a valid Western Digital digital signature and a malicious DLL containing the final payload. Once installed on victims' devices, S1deload Stealer can be instructed by its operators to perform one of several tasks after connecting to the command-and-control server.

As Bitdefender discovered, it can download and run additional components, including a headless Chrome web browser that runs in the background and emulates human behavior to artificially boost view counts on YouTube videos and Facebook posts.

If it manages to steal a Facebook account, the malware will also attempt to estimate its actual value by leveraging the Facebook Graph API to find out if the victim is the admin of a Facebook page or group, if it pays for ads, or is linked to a business manager account.

"The stealer component we observed in the wild steals the saved credentials from the victim's browser, exfiltrating them to the malware author's server," Ács added.


News URL

https://www.bleepingcomputer.com/news/security/new-s1deload-stealer-malware-hijacks-youtube-facebook-accounts/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 30 2 44 52 19 117