Beware of this new malware hitting YouTube and Facebook accounts
There's a new malware roaming free online right now. It hijacks people's social media accounts, steals login credentials, and mines cryptocurrencies using people's devices, reports TechRadar.
The info comes from researchers at Bitdefender's Advanced Threat Control Team (ATC), who found a new strain of malware named S1deload Stealer. The malware tries to avoid detection by antivirus programs by using DLL sideloading. In the second half of 2022, the attackers managed to infect hundreds of users.
Bitdefender products detected more than 600 unique users infected with this malware between July and December 2022, Bitdefender researcher Dávid Ács stated.
The malware needs to be downloaded and run by the victims themselves. It was hidden in archives (.zip files) that allegedly contained adult content. When the victims downloaded and ran the "content", they didn't find what they were looking for; instead, their devices were infected with an infostealer.
Here's what this malware is capable of. First, it can download a headless Chrome browser that runs in the background, opens YouTube videos and Facebook posts, and racks up views. It can also download and run an infostealer that decrypts login credentials saved in browsers, as well as session cookies.
When it comes to a Facebook account, the malware tries to analyze it. It checks whether the account administers any Facebook pages or groups, whether it pays for ads, and whether it's linked to a Business Manager account. All in all, you can imagine this makes the account even more valuable.
It can then go ahead and download, install, and run a cryptocurrency miner, which mines the BEAM cryptocurrency for the attackers. The attackers can also use the stolen credentials to spam on social media and try to infect even more machines.
A more technical explanation of the malware's actions can be found in Bleeping Computer's article. The moral of the story: don't download shady things from the internet.