An ongoing malware campaign is targeting YouTube and Facebook users, infecting their computers with a new information stealer that hijacks their social media accounts and uses their devices to mine cryptocurrency.
Security researchers with Bitdefender’s Advanced Threat Control (ATC) team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL Sideloading to evade detection.
Between July and December 2022, Bitdefender products identified more than 600 unique users infected with this malware.
If it manages to steal a Facebook account, the malware will also try to estimate its actual value by leveraging the Facebook Graph API to find out if the victim is the admin of a Facebook page or group, if they pay for ads, or are linked to a business manager account.
To avoid getting infected and having your social media accounts hijacked, never run executable files from unknown sources, and always keep your software and operating systems up to date.
Indicators (IOCs) and YARA rules linked to this campaign are available at the end of the Bitdefender report (PDF).