A new malware campaign on Facebook and YouTube is making headlines. S1deload Stealer hijacks these social media accounts, mines cryptocurrency, and spreads itself. Discover what business owners need to know about this malware.
How the Malware Installs Itself
S1deload Stealer is hidden within photo files with adult themes. The attackers use social
engineering to post download links to these files on Facebook comments.
When someone downloads one of the relevant files and then unzips the folder, they will see a signed executable file. That file includes the malicious DLL with the payload and a valid Western Digital signature.
Users may not even know they have malware on their computers. The file that contains the DLL also has real images, reducing suspicion.
What Happens After Installation
After installation, the hackers’ command and control server instructs the S1deload Stealer. It can run and download various components. One of these is a headless Chrome browser. As a headless browser, it runs in the background without the user knowing. This is a common way to boost YouTube and Facebook views.
The malware also uses a stealer to access passwords and other credentials saved in the browser. It also accesses exfiltration and cookie decryption. From there, the attacker uses the credentials to post more comments on social media via additional social engineering attacks, expanding its reach.
S1deload Stealer also deploys a BEAM cryptojacker, which allows for cryptomining. By mining BEAM, the attackers get another financial benefit from this malware.
The Malware’s Reach
To date, S1deload Stealer has affected at least 600 unique users, infecting their computers.
Bitdefender broke the news of this new malware. The cybersecurity company says that you
should never click on an EXE file that comes from an unknown or untrusted source. It also
suggests paying attention to any security alerts your computer issues.
Conclusion – And What Business Owners Can Learn
S1deload Stealer is just one recent example of the increase in malware targeting both businesses and consumers. Businesses are an especially appealing target because they store credit card information. Business owners should protect their companies and their customers by checking for unexpected purchases and canceling affected cards. They should also implement safeguards within their systems and train employees on best practices, such as not downloading EXE files.