YouTube and Facebook accounts are being hit by dangerous new malware


A new malware has been discovered hijacking people’s social media accounts, stealing their saved login credentials, and using their devices to mine cryptocurrencies, experts have warned.

Researchers from Bitdefender’s Advanced Threat Control Team (ATC) found a new strain they named S1deload Stealer that tries to avoid being detected by antivirus programs through heavy use of DLL sideloading.

In the second half of last year, the hackers behind the campaign managed to infect hundreds of endpoints with this new infostealer.

Hundreds of infected devices

"Between July and December 2022, Bitdefender products detected more than 600 unique users infected with this malware," Bitdefender researcher Dávid Ács noted.

To infect a device, the attackers need the victim to download and run the malware themselves. The attackers created multiple archives (.zip files) allegedly holding adult content. Those who download and run that content won’t get what they came for, but will instead get the infostealer, which is capable of doing a couple of things:

First, it can download and run a headless Chrome browser that runs in the background and opens different YouTube videos and Facebook posts to rack up views. It can also download and run an infostealer that decrypts and exfiltrates login credentials saved in browsers, as well as session cookies.

If it stumbles upon a Facebook account, it will try to analyze it to see whether it administers any Facebook pages or groups, pays for ads on the platform, or is linked to a business manager account. Obviously, all these things would make that account more valuable.

Finally, it can download, install, and run a cryptocurrency miner, mining the BEAM cryptocurrency for the attackers. BEAM describes itself as a “confidential cryptocurrency and DeFi platform.”

"The stealer component we observed in the wild steals the saved credentials from the victim's browser, exfiltrating them to the malware author's server," Ács said. "The malware author uses the newly obtained credentials to spam on social media and infect more machines, creating a feedback loop."

Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
