A new piece of malware is circulating online right now. It hacks social media accounts, steals login credentials and mines cryptocurrency using victims' devices.
The information comes from researchers on Bitdefender's Advanced Threat Control (ATC) team, who discovered a new type of malware called S1deload Stealer. The malware tries to avoid detection by using DLL sideloading. In the second half of 2022, the attackers managed to infect hundreds of users.
Bitdefender products detected more than 600 unique users infected with this malware from July to December 2022, said Dávid Ács, researcher at Bitdefender.
The malware must be downloaded and executed by the victims themselves. It is hidden in archives (.zip files) that claim to contain adult content. When victims downloaded and ran the "content", they didn't find what they were looking for, but instead infected their devices with an infostealer.
What the malware can do:
First, it can download a headless Chrome browser that runs in the background.
It opens YouTube videos and Facebook posts to increase their views.
It can also download and run an infostealer that decrypts login credentials stored in browsers, as well as session cookies.
It also tries to analyze the Facebook accounts, checking whether an account manages Facebook pages or groups, pays for ads, or is connected to a business manager account.
The malware can also download, install and run a cryptocurrency miner, which mines the BEAM cryptocurrency for the hackers.
Incidentally, hackers can also use the stolen credentials to spam social media and try to infect even more people.
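The view-boosting behaviour listed above (a downloaded headless Chrome opening YouTube and Facebook pages) can be hunted for in process-creation telemetry. The Python below is an added example, not code from Bitdefender's research. The event fields, the sample records and the heuristic itself (a headless `chrome.exe` that runs from outside Program Files or opens YouTube/Facebook URLs) are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed process-creation records (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                "https://www.youtube.com/watch?v=EXAMPLE"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\pkg\chrome.exe",
     "cmdline": "chrome.exe --headless --disable-gpu https://www.youtube.com/watch?v=EXAMPLE"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": "chrome.exe --headless=new --remote-debugging-port=9222 http://localhost:8080/test"},
    {"image": r"C:\Users\bob\AppData\Roaming\upd\chrome.exe",
     "cmdline": "chrome.exe --headless https://m.facebook.com/EXAMPLE/posts/1"},
]

HEADLESS = re.compile(r"(?:^|\s)--headless(?:=\S+)?(?=\s|$)")  # real Chrome switch
URL = re.compile(r"https?://\S+")
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")  # assumed install roots
WATCHED = ("youtube.com", "facebook.com")  # sites named in the article


def host_watched(host):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)


def assess(event):
    """Return the reasons an event looks suspicious, or None if it does not."""
    image, cmd = event["image"].lower(), event["cmdline"]
    if not image.endswith("\\chrome.exe") or not HEADLESS.search(cmd):
        return None  # only headless Chrome launches are of interest here
    reasons = ["headless Chrome"]
    if not image.startswith(TRUSTED_DIRS):
        reasons.append("binary outside Program Files")
    hosts = {urlparse(u.strip('"')).hostname or "" for u in URL.findall(cmd)}
    if any(host_watched(h) for h in hosts):
        reasons.append("opens YouTube/Facebook URL")
    # Headless alone is common in test automation; require a second signal.
    return reasons if len(reasons) > 1 else None


def scan(events):
    """Return (image path, reasons) for every event that is flagged."""
    return [(e["image"], r) for e in events if (r := assess(e))]


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```
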
Moral of the story: don't download things you don't know from the internet.