New S1deload Stealer malware hijacks Youtube, Facebook accounts

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,566
An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency.

Security researchers with Bitdefender's Advanced Threat Control (ATC) team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL sideloading for evading detection.

"Between July and December 2022, Bitdefender products detected more than 600 unique users infected with this malware," Bitdefender researcher Dávid Ács said.

Victims are tricked into infecting themselves using social engineering and comments on FaceBook pages that push archives with adult themes (e.g., AlbumGirlSexy.zip, HDSexyGirl.zip, SexyGirlAlbum.zip, and more).

If the user downloads one of the linked archives, they will instead get an executable signed with a valid Western Digital digital signature and a malicious DLL (WDSync.dll) containing the final payload.

Once installed on victims' devices, S1deload Stealer can be instructed by its operators to perform one of several tasks after connecting to the command-and-control (C2) server.

As Bitdefender discovered, it can download and run additional components, including a headless Chrome web browser that runs in the background and emulates human behavior to artificially boost view counts on YouTube videos and Facebook posts.

On other systems, it can also deploy a stealer that decrypts and exfiltrates saved credentials and cookies from the victim's browser and the Login Data SQLite database or a cryptojacker that will mine BEAM cryptocurrency.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top