YouTube and Facebook users are being warned about an ongoing malware campaign that infects computers with the new S1deload Stealer, which hijacks social media accounts and uses the infected machines to mine cryptocurrency.
According to the researchers, the operators of this campaign rely heavily on DLL sideloading to evade detection: a legitimately signed executable is made to load a malicious DLL placed next to it, so the malicious code runs under the signed program's name and is less likely to be flagged. Over 600 unique users were infected by the S1deload Stealer between July and December last year.
The operators use social engineering to get social media users to install the S1deload Stealer themselves.
The researchers found malicious Facebook pages with adult themes that lure visitors into downloading ZIP archives supposedly containing explicit images. Users who open the archive and run what is inside infect their own machines.
Through a remote command-and-control (C2) server, the operators send the S1deload Stealer instructions about what to do on the infected machine. Its capabilities include downloading and running additional components, such as a headless Chrome browser that emulates human behaviour in the background to artificially inflate view counts on YouTube videos and engagement on Facebook posts.
In some cases the malware drops a further stealer component that decrypts and collects the victim's saved browser cookies and the credentials stored in the browser's Login Data SQLite database, or a cryptojacker that mines cryptocurrency on the victim's hardware.
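As an added illustration, not taken from the original article or from the researchers' report, the following Python script shows how a defender might hunt for the two behaviours described above. It runs two heuristic rules over constructed Sysmon-style events: a signed executable loading an unsigned DLL from its own directory outside the protected system locations (the DLL sideloading shape), and a non-browser process opening a Chromium "Login Data" or cookie store. The event schema, all file paths and the process names (VendorSync.exe and VendorSync.dll) are invented for the example; the Chromium profile layout and browser image names are real.

```python
import re
from dataclasses import dataclass

# Rule 1: DLL sideloading. A signed executable loading an *unsigned* DLL from
# its own directory, outside the admin-protected system/program directories,
# is the classic shape of a sideloaded payload.
SYSTEM_DIRS = re.compile(r"^c:\\(windows|program files|program files \(x86\))\\", re.I)

# Rule 2: a non-browser process touching Chromium credential/cookie stores.
# Real layout: <vendor>\User Data\<profile>\Login Data (saved logins, SQLite),
# \Cookies or \Network\Cookies, for Chrome, Edge and Brave.
CHROMIUM_STORES = re.compile(
    r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)\\user data\\"
    r"[^\\]+\\(login data|cookies|network\\cookies)$", re.I)
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe"}


@dataclass
class Event:
    """Minimal Sysmon-like record (constructed schema, not a real log format)."""
    kind: str             # "image_load" (DLL loaded) or "file_access" (file opened)
    process: str          # full path of the process performing the action
    process_signed: bool  # does the process image carry a valid Authenticode signature?
    target: str           # DLL path for image_load, file path for file_access
    target_signed: bool = True  # signature state of the loaded DLL (unused for file_access)


@dataclass
class Alert:
    rule: str
    process: str
    target: str


def _dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def _base(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rule_dll_sideload(ev: Event):
    if ev.kind != "image_load" or not ev.target.lower().endswith(".dll"):
        return None
    if not ev.process_signed or ev.target_signed:
        return None                      # need a signed host and an unsigned DLL
    if SYSTEM_DIRS.match(ev.target):
        return None                      # writing there needs admin; out of scope here
    if _dir(ev.target) != _dir(ev.process):
        return None                      # sideloading means the DLL sits beside the host EXE
    return Alert("dll_sideload", ev.process, ev.target)


def rule_browser_store_access(ev: Event):
    if ev.kind != "file_access" or not CHROMIUM_STORES.search(ev.target):
        return None
    if _base(ev.process) in BROWSER_IMAGES:
        return None                      # the browser itself legitimately opens these
    return Alert("browser_store_access", ev.process, ev.target)


RULES = (rule_dll_sideload, rule_browser_store_access)


def run_rules(events):
    """Apply every rule to every event; return the alerts in event order."""
    alerts = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample telemetry. VendorSync.exe/.dll are invented names standing
# in for a signed host program and the malicious DLL dropped next to it.
HOST = r"C:\Users\alice\AppData\Roaming\VendorSync\VendorSync.exe"
PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    Event("image_load", HOST, True, r"C:\Users\alice\AppData\Roaming\VendorSync\VendorSync.dll", False),
    Event("image_load", HOST, True, r"C:\Windows\System32\kernel32.dll", True),
    Event("image_load", r"C:\Program Files\Vendor\App.exe", True, r"C:\Program Files\Vendor\helper.dll", False),
    Event("file_access", HOST, True, PROFILE + r"\Login Data"),
    Event("file_access", r"C:\Program Files\Google\Chrome\Application\chrome.exe", True, PROFILE + r"\Login Data"),
    Event("file_access", HOST, True, PROFILE + r"\Network\Cookies"),
]

if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.process} -> {a.target}")
```

Run against the sample events, the script raises three alerts: the unsigned VendorSync.dll loaded beside its signed host, and two opens of the Chrome profile's Login Data and Network\Cookies files by that same non-browser process. The unsigned helper.dll under Program Files is deliberately ignored, since dropping a file there already requires administrative rights; tighten or relax that check to suit your environment.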
The stolen credentials are then used to post spam from the victims' own social media accounts, spreading the same lure to more users and infecting further machines.
Cybersecurity experts advise people not to download or run files offered by questionable social media pages, and to keep antivirus software active and up to date at all times.
Users who suspect their machines are already infected should change all their passwords immediately, ideally from a clean device, and enable multi-factor authentication (MFA) on all their online accounts. Reputable antivirus software can also remove the malware from the computer.