There is a new malware circulating on the internet right now. It hacks social media accounts, steals login credentials and mines cryptocurrency using victims' devices.
The information comes from Bitdefender's Advanced Threat Control Team (ATC) researchers, who discovered a new type of malware called S1deload Stealer. Malware tries to avoid detection by security programs by using DLL sideloading (DLL sideloading). In the second half of 2022, malicious users managed to infect hundreds of users.
Bitdefender products detected more than 600 unique users infected with this malware from July to December 2022, said Dávid Ács, researcher at Bitdefender.
The malware must be downloaded and executed by the victims themselves. It is hidden in files (.zip files) that are said to have adult content. When victims downloaded and ran the "content", they didn't find what they were looking for, but instead infected their devices with an infostealer.
What the malware can do:
First, it can download a headless Chrome browser that runs in the background.
It opens YouTube videos and Facebook posts to increase their views.
It can also download and run an infostealer that decrypts login credentials stored in browsers, as well as session cookies.
Facebook accounts, he tries to analyze them. It looks to see if the account manages Facebook pages or groups, pays for ads, or is linked to a business manager account.
The malware can also download, install and run a cryptocurrency miner and it mines the BEAM cryptocurrency for the hackers.
Incidentally, hackers can also use the stolen credentials to spam social media and try to infect even more people.
Moral lesson of history: don't download things you don't know from the internet.