YouTube and Facebook accounts are being hit by dangerous new malware

Malware rakes up views using victim’s accounts


A new malware strain has been discovered hijacking people’s social media accounts, stealing their saved login credentials, and using their devices to mine cryptocurrencies, experts have warned.

Researchers from Bitdefender’s Advanced Threat Control Team (ATC) found a new strain they named S1deload Stealer, which tries to avoid detection by antivirus programs through heavy use of DLL sideloading.

In the second half of last year, the hackers behind the campaign managed to infect hundreds of endpoints with this new infostealer:

Hundreds of infected devices

“Between July and December 2022, Bitdefender products detected more than 600 unique users infected with this malware,” Bitdefender researcher Dávid Ács noted.

To infect the devices, the victims need to download and run the malware themselves. The attackers created multiple archives (.zip files) allegedly holding adult content. Those that download and run that content won’t get what they came for, but will instead get the infostealer, capable of doing a couple of things:

First, it can download and run a headless Chrome browser that runs in the background and opens different YouTube videos and Facebook posts to rake up views. Second, it can download and run an infostealer that decrypts and exfiltrates login credentials saved in browsers, as well as session cookies.
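The two behaviours described here (system DLL names loaded from an application's own folder, and a headless browser started by a process that has no business launching one) are visible in ordinary endpoint telemetry. The following is an added example, not code from the article or from Bitdefender, showing two simple detection heuristics run over constructed image-load and process-start events; the allow-lists, paths and sample events are all assumptions made for the example, not S1deload indicators.

```python
# Added example (not from the article or Bitdefender): two detection heuristics
# for the behaviours described above, run over constructed telemetry.
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Directories where Windows system DLLs are expected to be loaded from
# (assumption: a standard install drive; real telemetry should expand %SystemRoot%).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption: a short list of system DLL names to watch. A production rule would
# use a much larger list and exclude DLLs with a valid vendor signature.
WATCHED_DLL_NAMES = {"version.dll", "userenv.dll", "dbghelp.dll", "wtsapi32.dll", "cryptbase.dll"}

# Assumption: parents for which a headless Chrome is normal (dev tooling, test runners).
HEADLESS_OK_PARENTS = {"node.exe", "python.exe", "pwsh.exe"}


@dataclass
class ImageLoad:
    process_image: str   # executable that performed the load
    loaded_image: str    # full path of the DLL that was mapped


@dataclass
class ProcessStart:
    image: str
    command_line: str
    parent_image: str


def check_sideload(ev: ImageLoad) -> Optional[str]:
    """Flag a watched system DLL name loaded from outside the system directories."""
    name = ntpath.basename(ev.loaded_image).lower()
    if name not in WATCHED_DLL_NAMES:
        return None
    directory = ntpath.dirname(ev.loaded_image).lower().rstrip("\\")
    if directory in SYSTEM_DIRS:
        return None
    return f"possible DLL sideload: {ev.process_image} loaded {name} from {directory}"


def check_headless_browser(ev: ProcessStart) -> Optional[str]:
    """Flag a headless Chrome started by a parent that does not normally do so."""
    if ntpath.basename(ev.image).lower() != "chrome.exe":
        return None
    if "--headless" not in ev.command_line.lower():
        return None
    parent = ntpath.basename(ev.parent_image).lower()
    if parent in HEADLESS_OK_PARENTS:
        return None
    return f"headless Chrome launched by {parent}: {ev.command_line}"


def scan(loads: List[ImageLoad], starts: List[ProcessStart]) -> List[str]:
    """Run both heuristics and return the list of alert strings."""
    alerts = [a for a in (check_sideload(e) for e in loads) if a]
    alerts += [a for a in (check_headless_browser(e) for e in starts) if a]
    return alerts


# Constructed sample telemetry (hypothetical paths and hosts, not real indicators).
SAMPLE_LOADS = [
    ImageLoad(r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\version.dll"),
    ImageLoad(r"C:\Users\u\Downloads\album\viewer.exe", r"C:\Users\u\Downloads\album\version.dll"),
    ImageLoad(r"C:\Users\u\Downloads\album\viewer.exe", r"C:\Users\u\Downloads\album\images.dll"),
]
SAMPLE_STARTS = [
    ProcessStart(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 'chrome.exe --headless --disable-gpu "https://example.invalid/video"',
                 r"C:\Users\u\Downloads\album\viewer.exe"),
    ProcessStart(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 "chrome.exe --headless --dump-dom https://example.invalid/",
                 r"C:\Program Files\nodejs\node.exe"),
    ProcessStart(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 "chrome.exe https://example.invalid/",
                 r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOADS, SAMPLE_STARTS):
        print(alert)
```

On the sample data only two events fire: the viewer executable loading version.dll from its own download folder, and the headless Chrome whose parent is that same viewer. The DLL check deliberately keys on the file name rather than a hash, because sideloading works precisely by placing a differently built file under a trusted name; pairing it with signature verification and a parent-process baseline is what keeps the false-positive rate manageable in a real environment.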


If it stumbles upon a Facebook account, it will try to analyze it to see whether it administers any Facebook pages or groups, pays for ads on the platform, or is linked to a business manager account. Obviously, all of these would make the account more valuable.


Finally, it can download, install, and run a cryptocurrency miner, mining the BEAM cryptocurrency for the attackers. BEAM describes itself as a “confidential cryptocurrency and DeFi platform.”

“The stealer component we observed in the wild steals the saved credentials from the victim’s browser, exfiltrating them to the malware author’s server,” Ács said. “The malware author uses the newly obtained credentials to spam on social media and infect more machines, creating a feedback loop.”

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
