• YouTube and Facebook accounts are being hit by dangerous new malw

    From TechnologyDaily@1337:1/100 to All on Thu Feb 23 16:15:03 2023
    YouTube and Facebook accounts are being hit by dangerous new malware

    Date:
    Thu, 23 Feb 2023 15:56:30 +0000

    Description:
    YouTube and Facebook accounts targeted by new malware strain.

    FULL STORY ======================================================================

    A new malware strain has been discovered hijacking people's social media accounts, stealing their saved login credentials, and using their devices to mine cryptocurrencies, experts have warned.

    Researchers from Bitdefender's Advanced Threat Control Team (ATC) found a new strain they named S1deload Stealer, which tries to avoid detection by antivirus programs through heavy use of DLL sideloading.

    In the second half of last year, the hackers behind the campaign managed to infect hundreds of endpoints with this new infostealer.

    Hundreds of infected devices

    "Between July and December 2022, Bitdefender products detected more than 600 unique users infected with this malware," Bitdefender researcher Dávid Ács noted.

    To infect the devices, the victims need to download and run the malware themselves. The attackers created multiple archives (.zip files) allegedly holding adult content. Those who download and run that content won't get what they came for, but will instead get the infostealer, which is capable of doing a couple of things:

    First, it can download and run a headless Chrome browser that runs in the background and opens different YouTube videos and Facebook posts to rack up views. It can also download and run an infostealer that decrypts and exfiltrates login credentials saved in browsers, as well as session cookies.

    If it stumbles upon a Facebook account, it will try to analyze it to see if it administers any Facebook pages or groups, if it pays for ads on the platform, or if it's linked to a business manager account. All of these things would make that account more valuable.

    Finally, it can download, install, and run a cryptocurrency miner, mining the BEAM cryptocurrency for the attackers. BEAM describes itself as a confidential cryptocurrency and DeFi platform.

    "The stealer component we observed in the wild steals the saved credentials from the victim's browser, exfiltrating them to the malware author's server," Ács said. "The malware author uses the newly obtained credentials to spam on social media and infect more machines, creating a feedback loop."

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/youtube-and-facebook-accounts-are-being-hit-by-this-dangerous-new-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)