Researchers on the Advanced Threat Control Team at Bitdefender have discovered a new strain of malware that may be especially dangerous for Facebook and YouTube users. It is named S1deload Stealer because it uses DLL sideloading to evade detection by antivirus software.
As many as 600 users have already been infected by the malware. It is distributed in a zip archive that purports to contain adult content, which makes users more likely to download and run it themselves.
The zip archive does not contain any adult-oriented content. Instead, it runs an infostealer that plays Facebook and YouTube videos in the background.
Malicious actors often do this to artificially inflate the view counts of various videos, which can allow them to generate AdSense revenue. It can also put a major strain on users, and it is quite difficult to get rid of.
What's more, this infostealer can read session cookies to steal any login credentials saved in them. Hundreds of users have already lost access to their social media accounts, and chances are that many more will unless steps are taken to prevent it.
The malware also comes with a cryptocurrency miner, so it has all the hallmarks of a highly profitable infostealer. Users need to be cautious about the files they download and ensure that they come only from trustworthy sources. Being more discerning about downloads is often enough to protect users from this kind of malware.
H/T: BC / Illustration: Macrovector