New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

2023-02-23 10:45

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency.

Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components.

"Once infected, S1deload Stealer steals user credentials, emulates human behavior to artificially boost videos and other content engagement, assesses the value of individual accounts, mines for BEAM cryptocurrency, and propagates the malicious link to the user's followers," Bitdefender researcher Dávid ÁCS said.

To pull off the scheme, users are lured with adult-themed content via Facebook posts that contain links to ZIP archives, which, when extracted, triggers an intricate infection sequence leading to the deployment of the malware.

"The malware author can therefore create a feedback loop: the more PCs they can infect, the more they can spam on Facebook, the more clicks they can generate to infect more PCs," Bitdefender said.

"The malware exfiltrates the victim's saved credentials, including email, social media or even financial accounts. The threat actor can access these accounts or sell them on the dark web."

News URL

https://thehackernews.com/2023/02/new-s1deload-malware-hijacking-users.html

#cryptocurrency #hijacking #malware #mining #socialmedia

News URL

Related news