New S1deload Stealer malware hijacks YouTube, Facebook accounts (February 2023)
An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency.
Security researchers with Bitdefender's Advanced Threat Control team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL sideloading for evading detection.
If the user downloads one of the linked archives, they will instead get an executable signed with a valid Western Digital digital signature and a malicious DLL containing the final payload.
Once installed on victims' devices, S1deload Stealer can be instructed by its operators to perform one of several tasks after connecting to the command-and-control server.
As Bitdefender discovered, it can download and run additional components, including a headless Chrome web browser that runs in the background and emulates human behavior to artificially boost view counts on YouTube videos and Facebook posts.
If it manages to steal a Facebook account, the malware will also attempt to estimate its actual value by leveraging the Facebook Graph API to find out if the victim is the admin of a Facebook page or group, if it pays for ads, or is linked to a business manager account.
"The stealer component we observed in the wild steals the saved credentials from the victim's browser, exfiltrating them to the malware author's server," Ács added.