YouTube and Facebook accounts targeted by a dangerous new malware

A newly discovered malware strain hijacks users' social media accounts, steals the login credentials saved in their browsers and uses their devices to mine cryptocurrency, researchers have warned.

Researchers from Bitdefender's Advanced Threat Control (ATC) team have identified a new information stealer, which they have named S1deload Stealer, that tries to evade antivirus detection through heavy use of DLL sideloading.

In the second half of last year, the operators behind the campaign infected hundreds of devices with this new information stealer.

Hundreds of infected devices

“Between July and December XNUMX, Bitdefender products reported more than XNUMX unique users infected with this malware,” said Bitdefender researcher Dávid Ács.

The malware does not spread on its own: victims have to download and run it themselves. The attackers created multiple archives (.zip files) that appeared to contain adult content. Those who download and run the contents do not get what they were looking for; instead they get the infostealer, which can do several things:
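DLL sideloading, the evasion technique mentioned above, works because many Windows programs load a library by bare name (for example `version.dll`) and Windows looks in the program's own directory first. An attacker who ships a legitimate, signed executable together with a malicious DLL of that name inside the lure archive gets the payload loaded into a trusted process as soon as the victim runs the "content". The following triage script is an added example written for this article, not Bitdefender's tooling or code from the malware: it inspects a ZIP's member list without extracting anything and flags the pattern (an executable paired with a DLL in the same directory, a DLL carrying the name of a commonly sideloaded Windows library, and media-looking names that hide an executable extension). The DLL name list and the sample archive are constructed for illustration; the article does not name the libraries S1deload Stealer abuses.

```python
"""Triage a lure archive for the DLL-sideloading pattern described in the article.

Illustrative heuristic code (not Bitdefender's or the malware's): flag directories
that pair an executable with a DLL, DLL names that match Windows libraries normally
loaded from System32, and executables disguised as media by a double extension.
"""
import io
import posixpath
import zipfile
from collections import defaultdict

# Libraries that Windows programs commonly import by bare name and that are
# therefore frequent sideloading targets. Illustrative subset only; the article
# does not say which DLLs S1deload Stealer sideloads.
HIJACK_PRONE_DLLS = {
    "version.dll", "dbghelp.dll", "wininet.dll", "winhttp.dll",
    "userenv.dll", "cryptsp.dll", "dwmapi.dll", "uxtheme.dll",
    "wtsapi32.dll", "msimg32.dll", "profapi.dll", "iphlpapi.dll",
}
MEDIA_EXTS = {".mp4", ".avi", ".jpg", ".jpeg", ".png", ".gif", ".mov"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".lnk"}


def triage_members(names):
    """Return a sorted list of human-readable findings for a list of archive member paths."""
    findings = []
    by_dir = defaultdict(lambda: {"exe": [], "dll": []})
    for name in names:
        if name.endswith("/"):          # directory entry, nothing to inspect
            continue
        directory, base = posixpath.split(name.lower())
        stem, ext = posixpath.splitext(base)
        if ext in EXEC_EXTS:
            by_dir[directory]["exe"].append(name)
            # "video.mp4.exe": a media extension placed in front of an executable one
            _, inner_ext = posixpath.splitext(stem)
            if inner_ext in MEDIA_EXTS:
                findings.append(f"double-extension lure: {name}")
        elif ext == ".dll":
            by_dir[directory]["dll"].append(name)
            if base in HIJACK_PRONE_DLLS:
                findings.append(f"system DLL name shipped in archive: {name}")
    # A signed exe next to any DLL is the core sideloading shape; report the pairing.
    for directory, group in by_dir.items():
        if group["exe"] and group["dll"]:
            where = directory or "<root>"
            findings.append(f"exe+dll pair in {where}: {group['exe']} with {group['dll']}")
    return sorted(findings)


def triage_zip(data):
    """Triage the member list of a ZIP given as bytes. Nothing is extracted or executed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return triage_members(zf.namelist())


def build_sample_archive():
    """Constructed sample mimicking the lure shape the article describes.
    Member contents are placeholder bytes, not real binaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Photos/preview.jpg", b"not really a jpeg")
        zf.writestr("Photos/Video.mp4.exe", b"placeholder for a legitimate signed exe")
        zf.writestr("Photos/version.dll", b"placeholder for an attacker-supplied dll")
        zf.writestr("Photos/readme.txt", b"open the video")
    return buf.getvalue()


if __name__ == "__main__":
    for line in triage_zip(build_sample_archive()):
        print(line)
```

Note the caveat this pattern implies for defenders: checking the executable's Authenticode signature alone would pass, because the sideloading host is a genuine signed binary; the DLL sitting next to it is what carries the payload, so hashing and signature-checking every DLL in the archive matters more than verifying the .exe.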

First, it can download and run a headless Google Chrome browser that works in the background, opening YouTube videos and Facebook posts to inflate their view counts. It can also download and run a credential-stealing component that decrypts and exfiltrates the login credentials and session cookies saved in the victim's browsers.

If it finds a Facebook account, it tries to assess its value: whether the user administers Facebook Pages or Groups, pays for ads on the platform, or is linked to a Business Manager account. Each of these makes the account worth more to the attackers.

Finally, it can download, install and run a cryptocurrency miner that mines the BEAM cryptocurrency for the attackers. BEAM describes itself as a "confidential cryptocurrency and DeFi platform."

"The stealing component we observed in the wild steals the credentials stored in the victim's browser, exfiltrating them to the malware author's server," Ács said. "The malware creator uses the newly obtained credentials to spam social networks and infect more machines, creating a feedback loop."

Via: BleepingComputer