Monday, May 27, 2024

Social Media User In Danger Of Account Hijack By New S1deload Malware

A malware family that Bitdefender has named S1deload Stealer has been observed in an active campaign targeting Facebook and YouTube users. It hijacks user accounts to extract information and abuses the infected systems' resources to mine cryptocurrency.

The operators use the infected machines to inflate view counts and generate large numbers of likes for posts shared on these platforms. Over 6,000 distinct users, mainly from Romania, Turkey, France, Bangladesh, Mexico, Peru, and Canada, were reported affected between July and December 2022. The campaign aims to keep control of users' accounts for as long as possible, repeatedly steal saved credentials and cookies from browsers, check the victim's Facebook profile, and silently load a cryptojacker.

To attract users, posts containing adult content are laced with links to zip archives that, once opened, start the infection sequence that deploys the malware. According to Bitdefender, this creates a feedback loop for the cybercriminal: the number of clicks that can be generated depends on the volume of Facebook spam produced, which in turn depends on the number of infected PCs.

The Romanian company quantified the danger to victims by describing how far the malware intrudes into their privacy. “The malware exfiltrates the victim’s saved credentials, including email, social media, or financial accounts. The threat actor can access and sell these accounts on the dark web.”

According to Dávid ÁCS, the S1deload Stealer can, among other capabilities, emulate human behavior to artificially boost engagement with videos and other content. The malware was observed evading security software and firewalls using DLL side-loading techniques. Further analysis revealed that it launches a headless Chrome browser and uses additionally downloaded modules to inflate YouTube video views. This is accompanied by loading a cryptojacker that mines cryptocurrency without the user noticing.
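Two of the behaviors described above, a legitimate executable loading a look-alike DLL from a user-writable folder (DLL side-loading) and a headless Chrome instance started by something other than the user's desktop shell, leave traces in ordinary endpoint telemetry. The following is an added example of how a defender could turn them into simple detection rules; it is not Bitdefender's detection logic and not code from the campaign. The pipe-delimited event format, the field names, the list of DLL names, and the sample events are all constructed assumptions for illustration.

```python
"""Heuristic detection for DLL side-loading and headless Chrome launches.

Added educational example. The event format (pipe-delimited key=value fields),
the DLL name list and the sample events below are assumptions, not data from
the S1deload campaign or from any real EDR product.
"""
import ntpath
import re

# Constructed sample telemetry: two ProcessCreate and two ImageLoad events.
SAMPLE_EVENTS = [
    "ProcessCreate|parent=C:\\Windows\\explorer.exe"
    "|image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "|cmdline=chrome.exe",
    "ProcessCreate|parent=C:\\Users\\alice\\AppData\\Local\\Temp\\pack\\viewer.exe"
    "|image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "|cmdline=chrome.exe --headless --disable-gpu https://www.youtube.com/watch?v=PLACEHOLDER",
    "ImageLoad|image=C:\\Users\\alice\\AppData\\Local\\Temp\\pack\\viewer.exe"
    "|dll=C:\\Users\\alice\\AppData\\Local\\Temp\\pack\\WindowsCodecs.dll",
    "ImageLoad|image=C:\\Windows\\System32\\svchost.exe"
    "|dll=C:\\Windows\\System32\\WindowsCodecs.dll",
]

# Paths under a user profile are writable by the user (and by malware running as that user).
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\Users\\", re.IGNORECASE)

# Parents from which a user would normally start a browser interactively.
INTERACTIVE_PARENTS = {"explorer.exe"}

# Assumed list of DLL names that legitimate programs resolve from System32; a copy of one
# sitting next to an EXE in a user-writable folder is the classic side-loading layout.
SYSTEM_DLL_NAMES = {"windowscodecs.dll", "version.dll", "dwmapi.dll"}


def parse_event(line):
    """Split 'Kind|k1=v1|k2=v2...' into a dict; values may themselves contain '='."""
    kind, *fields = line.split("|")
    event = {"kind": kind}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def basename(path):
    """Windows-style basename, lower-cased, so comparisons work on any host OS."""
    return ntpath.basename(path).lower()


def headless_chrome_alert(event):
    """Flag chrome.exe started with --headless by a non-interactive parent process."""
    if event["kind"] != "ProcessCreate" or basename(event["image"]) != "chrome.exe":
        return None
    if "--headless" not in event.get("cmdline", ""):
        return None
    if basename(event["parent"]) in INTERACTIVE_PARENTS:
        return None
    return f"headless chrome launched by {event['parent']}"


def sideload_alert(event):
    """Flag a system-named DLL being loaded from a user-writable directory."""
    if event["kind"] != "ImageLoad":
        return None
    dll = event["dll"]
    if basename(dll) in SYSTEM_DLL_NAMES and USER_WRITABLE.match(dll):
        return f"possible DLL side-load: {event['image']} loaded {dll}"
    return None


def detect(lines):
    """Run every rule over every event and return the list of alert strings."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        for rule in (headless_chrome_alert, sideload_alert):
            alert = rule(event)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed sample, the rules fire twice: once for the headless Chrome started by the executable in the Temp folder, and once for the DLL of a system name loaded from that same folder, while the interactive Chrome launch and the genuine System32 load stay quiet. In a real environment both rules need tuning: developers and test harnesses legitimately run headless Chrome from shells and scripts, and some installers ship their own copies of common DLLs, so the parent allowlist and the DLL name list should be derived from your own baseline rather than copied from this example.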
