Hackers Use S1deload Stealer to Target Facebook, YouTube Users
Security researchers have discovered a new global campaign relying on an infostealer targeting Facebook and YouTube accounts.
Dubbed “S1deload Stealer” by Bitdefender, the new malicious software employs DLL sideloading techniques to run its malicious components.
“It uses a legitimate, digitally-signed executable that inadvertently loads malicious code if clicked,” wrote Bitdefender security researcher Dávid ÁCS in an advisory published on Wednesday. “S1deload Stealer effectively infects systems as sideloading helps get past system defenses.”
Further, the executable also relies on a real image folder to lower user suspicion of malware.
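The sideloading pattern described above (a signed executable loading a malicious DLL dropped beside it in a user-writable folder) can be triaged from image-load telemetry. The following is an added example, not code from the article or from Bitdefender; it assumes a hypothetical record shape carrying the fields a Sysmon image-load event (Event ID 7) reports, and the sample events are constructed.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Hypothetical record shape (assumed, not from the article): one row per DLL
# load, with the loading process, the loaded image and their signature status.
@dataclass(frozen=True)
class ImageLoad:
    process: str          # full path of the executable that loaded the DLL
    process_signed: bool  # Authenticode signature on the executable verified
    image: str            # full path of the loaded DLL
    image_signed: bool    # Authenticode signature on the DLL verified

# Directories an unprivileged user can write to; a DLL planted next to a
# copied signed binary typically lives under one of these.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\")

def in_user_writable_dir(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)

def sideload_candidates(loads):
    """Return loads matching the sideload pattern: a signed executable pulls
    an unsigned DLL from its own, user-writable directory."""
    hits = []
    for ev in loads:
        exe, dll = PureWindowsPath(ev.process), PureWindowsPath(ev.image)
        if dll.suffix.lower() != ".dll":
            continue
        # PureWindowsPath compares case-insensitively, as NTFS does
        same_dir = exe.parent == dll.parent
        if (ev.process_signed and not ev.image_signed and same_dir
                and in_user_writable_dir(ev.image)):
            hits.append(ev)
    return hits

# Constructed sample events (not real telemetry) covering the main cases
SAMPLE_LOADS = [
    # signed binary copied into an image folder, unsigned DLL beside it: flag
    ImageLoad(r"C:\Users\alice\Downloads\Photos\viewer.exe", True,
              r"C:\Users\alice\Downloads\Photos\helper.dll", False),
    # the same binary loading a system DLL from System32: normal
    ImageLoad(r"C:\Users\alice\Downloads\Photos\viewer.exe", True,
              r"C:\Windows\System32\kernel32.dll", True),
    # vendor app in Program Files with its own signed DLL: normal
    ImageLoad(r"C:\Program Files\Vendor\app.exe", True,
              r"C:\Program Files\Vendor\plugin.dll", True),
    # unsigned exe loading an unsigned DLL: suspicious, but not this pattern
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\setup.exe", False,
              r"C:\Users\alice\AppData\Local\Temp\setup.dll", False),
]
```

Running `sideload_candidates(SAMPLE_LOADS)` flags only the first event; in practice the signature fields would come from the endpoint sensor rather than be hard-coded.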
After the initial infection, S1deload Stealer can obtain user credentials, as well as imitate human behavior to boost engagement on videos and other content artificially.
It can also reportedly assess the system value of individual accounts, mine for BEAM cryptocurrency and propagate the malicious link to the user’s followers.
“While this may seem like a personal credentials leak, some of the credentials stolen by such attacks end up being corporate email credentials that are then being used for BEC attacks,” explained Coro co-founder Dror Liwer.
“As users use the same device for both personal and work purposes, the line between personal and corporate credentials hasn’t been blurred, it has evaporated,” he added.
More generally, Roger Grimes, data-driven defense evangelist at KnowBe4, explained that malware like S1deload Stealer will always find ways around malware mitigations.
“All we do is play a long-term, losing game of Whack-a-Mole by trying to go after and defeat individual threats when we should be focusing on the root causes of successful exploitation,” Grimes told Infosecurity in an email.
“This and most malware can be prevented by aggressively training yourself and users in how to spot and defeat social engineering attacks,” Grimes added.
More information about S1deload Stealer is available in a recent white paper by the Bitdefender team.
The analysis comes weeks after Symantec researchers warned system defenders about a separate infostealer, called Graphiron, that targets Ukraine.
Image credit: I AM NIKOM / Shutterstock.com