A new malware is targeting Facebook and YouTube users

Bitdefender recently discovered a new piece of malware that primarily targets Facebook and YouTube users. Its goal is to steal login credentials from infected devices and then use that information to take over the user’s social media accounts. It also uses specific kinds of devices that are helpful in mining cryptocurrencies.

According to Bitdefender’s Advanced Threat Control (ATC) team, the attackers use social engineering to convince users to download the malware onto their devices via comments on Facebook and YouTube. The comments contain a link to a .zip archive that delivers a legitimate executable file, and it is mostly targeted at adult profiles.

The executable file is named to attract the user’s attention. After download it does not work as expected: as soon as you open it, it starts loading code onto your device.

To avoid being discovered by the computer’s antivirus software and other security measures, Sideload Stealer uses DLL sideloading tactics, hence the name. Once the malware is running, it establishes a connection with the command-and-control (C2) server so that threat actors can send it commands remotely.

The malware can download and execute a headless Chrome browser in the background, according to information provided by Bitdefender. It opens a number of Facebook posts and YouTube videos without the victim’s knowledge in order to artificially increase views.
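One way to hunt for the two behaviours described above (a DLL sideloaded next to an executable, and a headless Chrome started in the background), added here as an example that is not code from Bitdefender or from the original article. It assumes process-creation and image-load events have already been parsed into dictionaries with Sysmon-style field names; every path and file name in the sample is constructed.

```python
from ntpath import basename, dirname

# Assumption: these path fragments mark directories a standard user can write to.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\")
BROWSERS = {"chrome.exe", "msedge.exe"}

def in_user_dir(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def detect(events):
    """Return (rule, executable) pairs for Sysmon-style event dicts."""
    findings = []
    for ev in events:
        if ev["EventID"] == 7:  # image (DLL) load
            exe, dll = ev["Image"], ev["ImageLoaded"]
            # Sideloading pattern: an unsigned DLL loaded from the same
            # user-writable folder as the executable that loads it.
            if (in_user_dir(exe) and ev.get("Signed") == "false"
                    and dirname(dll).lower() == dirname(exe).lower()):
                findings.append(("unsigned_dll_beside_exe", exe))
        elif ev["EventID"] == 1:  # process creation
            parent = ev.get("ParentImage", "")
            # Headless browser started by a non-browser program that itself
            # runs from a user-writable folder.
            if (basename(ev["Image"]).lower() in BROWSERS
                    and "--headless" in ev.get("CommandLine", "").lower()
                    and basename(parent).lower() not in BROWSERS
                    and in_user_dir(parent)):
                findings.append(("headless_browser_from_user_dir", parent))
    return findings

SAMPLE_EVENTS = [  # constructed sample events, not real telemetry
    {"EventID": 7, "Image": r"C:\Users\alice\Downloads\album\viewer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\album\helper.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Users\alice\Downloads\album\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\chrome\chrome.exe",
     "CommandLine": "chrome.exe --headless --disable-gpu https://example.com/",
     "ParentImage": r"C:\Users\alice\Downloads\album\viewer.exe"},
    {"EventID": 1, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Both rules produce candidates for triage rather than verdicts, since legitimate software also ships unsigned DLLs and automation tools also start headless browsers.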

The malware can also use a stealer to take saved login credentials. In addition, if a Facebook account is accessed, the virus can check whether it controls any pages or groups, purchases ads, or is linked to a business management account.

Knowing how important an account is lets the attackers better tailor their instructions. Sideload Stealer can also download and run a cryptocurrency miner, which the attackers use to mine BEAM cryptocurrency on the victim’s device.

Sideload Stealer infected hundreds of individuals last year

Hundreds of people have been attacked by the Sideload Stealer malware operation, which has been active since at least last year. In the final six months of 2022, between July and December, Bitdefender claims to have “detected more than 600 distinct users afflicted with this virus.”

The security company advises customers to avoid downloading executable files from untrusted sources. Make sure you are always aware of what is being installed on your computer.

“Bitdefender products catch the SSL stealer at every stage of execution.” Users should avoid opening .exe files downloaded from unreliable sources. Also, users must never disregard security software alarms, a researcher for Bitdefender wrote in a blog post.