Select Page

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems’ resources to mine cryptocurrency.

Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defences and execute its malicious components.

“Once infected, S1deload Stealer steals user credentials, emulates human behaviour to artificially boost videos and other content engagement, assesses the value of individual accounts (such as identifying corporate social media admins), mines for BEAM cryptocurrency, and propagates the malicious link to the user’s followers,” Bitdefender researcher Dávid ÁCS said.

Put differently, the goal of the campaign is to take control of the users’ Facebook and YouTube accounts and rent out access to raise view counts and likes for videos and posts shared on the platforms.

More than 600 unique users are estimated to have been impacted during the six-month period between July and December 2022. A majority of the infections are located in Romania, Turkey, France, Bangladesh, Mexico, Peru, and Canada.

images from Hacker News