A new malware is on the way software online right now. It violates social media accounts, steals credentials connectionand mines cryptocurrencies using victims' devices.
The information come from Bitdefender's Advanced Threat Control Team (ATC) researchers, who discovered a new type of malware called S1deload Stealer. Malware tries to avoid detection by security programs by using DLL sideloading (DLL sideloading). In the second half of 2022, malicious users managed to infect hundreds of users.
The products of Bitdefender identified more than 600 unique users infected with this malware from July to December 2022, said Dávid Ács, researcher at Bitdefender.
The malware must be downloaded and executed by the victims themselves. It is hidden in files (.zip files) that are said to have adult content. When victims downloaded and ran the "content", they didn't find what they were looking for, but instead infected their devices with an infostealer.
What the malware can do:
First, it can download a headless Chrome browser running in the background.
It opens YouTube videos and Facebook posts to increase their views.
It can also download and run an infostealer that decrypts login credentials stored in browsers, as well as session cookies.
The Facebook accounts, he tries to analyze them. It looks to see if the account manages Facebook pages or groups, if it pays for advertisements or if it is connected to a business manager account.
Malware can also download, install and run a cryptocurrency miner and mines BEAM cryptocurrency for hackers.
Incidentally, hackers can also use the stolen credentials to spam social media and try to infect even more people.
Moral lesson of history: don't download things you don't know from the internet.