BleepingComputer reports that more than 600 unique Facebook and YouTube users had their social media accounts hijacked and their devices compromised for cryptomining by the novel S1deload Stealer malware campaign between July and December, with attacks still ongoing.
According to a report from Bitdefender's Advanced Threat Control team, the attackers rely on social engineering: comments on Facebook link to adult-themed archives, and when a user downloads and runs the archive's contents, S1deload Stealer is deployed.
Beyond downloading further malicious components, S1deload Stealer runs a stealer component that decrypts browser-stored credentials and cookies and exfiltrates them, and deploys a BEAM cryptojacker. Of the two, stolen session cookies are the more direct route to account takeover, since they let the attacker reuse an authenticated session without knowing the password.
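The credential-theft behaviour described above leaves a simple trace on the endpoint: a process that is not a browser opening the browser's saved-login or cookie database. The script below is an added example, not code from Bitdefender, BleepingComputer or the malware's authors. It scans constructed file-access events (a simplified JSON-lines record of process image and target path, not a real Sysmon or EDR schema) and flags reads of Chromium-family and Firefox credential stores by anything outside an assumed browser allow-list. The path patterns, process names and sample events are assumptions chosen for illustration, not indicators published for S1deload Stealer.

```python
"""Flag non-browser processes that open browser credential and cookie stores.

Added example, not Bitdefender's or BleepingComputer's code. The event format
is a constructed, simplified file-access record; the path patterns and the
browser allow-list are assumptions, not published S1deload indicators.
"""
import json
import re
from pathlib import PureWindowsPath

# Files holding saved logins, cookies or the key that protects them.
CREDENTIAL_STORE_PATTERNS = [
    # Chromium family (Chrome, Edge, Brave, Opera): per-profile SQLite stores.
    re.compile(r"\\(Login Data|Cookies|Web Data)$", re.IGNORECASE),
    # Chromium: the DPAPI-wrapped master key lives in Local State.
    re.compile(r"\\User Data\\Local State$", re.IGNORECASE),
    # Firefox: logins.json is encrypted with a key kept in key4.db.
    re.compile(r"\\(logins\.json|key4\.db|cookies\.sqlite)$", re.IGNORECASE),
]

# Processes expected to open those files. Assumption: tune to the fleet's browsers.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "firefox.exe"}


def is_credential_store(path: str) -> bool:
    """True when the target path is one of the known credential/cookie stores."""
    return any(p.search(path) for p in CREDENTIAL_STORE_PATTERNS)


def suspicious_access(event: dict) -> bool:
    """True when a process outside the browser allow-list opens a credential store."""
    image = PureWindowsPath(event["image"]).name.lower()
    return is_credential_store(event["target"]) and image not in BROWSER_PROCESSES


def scan(lines):
    """Return the offending events (as dicts) from an iterable of JSON lines."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if suspicious_access(event):
            hits.append(event)
    return hits


# Constructed sample events: two benign browser reads, one unrelated read, and
# three reads of credential stores by processes that are not browsers.
SAMPLE_EVENTS = r"""
{"ts":"2022-11-03T10:14:02Z","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","target":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"ts":"2022-11-03T10:14:05Z","image":"C:\\Windows\\explorer.exe","target":"C:\\Users\\alice\\Documents\\report.docx"}
{"ts":"2022-11-03T10:15:41Z","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe","target":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State"}
{"ts":"2022-11-03T10:15:42Z","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe","target":"C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies"}
{"ts":"2022-11-03T10:16:10Z","image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","target":"C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json"}
{"ts":"2022-11-03T10:16:12Z","image":"C:\\Users\\alice\\Downloads\\video.exe","target":"C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\cookies.sqlite"}
"""


def scan_sample():
    """Run the detector over the constructed sample; returns the flagged events."""
    return scan(SAMPLE_EVENTS.splitlines())


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"{hit['ts']} {hit['image']} -> {hit['target']}")
```

The allow-list is deliberately by image name only; in production you would also check the signer or full path, since a stealer dropped as `chrome.exe` in a temp directory would otherwise pass. Reading `Local State` is worth flagging on its own: it holds the key needed to decrypt the other Chromium stores.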
"The stealer component we observed in the wild steals the saved credentials from the victim's browser, exfiltrating them to the malware author's server. The malware author uses the newly obtained credentials to spam on social media and infect more machines, creating a feedback loop," said Bitdefender researcher Dávid Ács.