More than 500,000 devices around the world have been compromised with variants of S1deload Stealer, SYS01stealer, and other information-stealing malware over the last three months as part of a Vietnamese threat actor's malverposting campaign, according to The Hacker News.
Most of the devices impacted by the campaign were in the U.S., Canada, Australia, India, and the U.K., a report from Guardio Labs revealed.
Researchers noted that malverposting attacks involve creating new business profiles and taking over popular accounts to distribute ads promoting free adult-rated photo albums, which would eventually trigger the distribution of stealer malware.
The report noted that the Vietnamese campaign involved the creation of new business profile pages passed off as photographer accounts, and that the means of deploying the PHP-based stealer are being continuously improved in an effort to better evade detection.
"The malicious payload is quite sophisticated and varies all the time, introducing new evasive techniques," said Guardio Labs researcher Nati Tal.