New S1deload Malware Hijacking Users’ Social Media Accounts and Mining Cryptocurrency

Social media sites like Facebook are common vectors for threat actors to spread malware. For this reason, it is highly recommended to avoid downloading files from social media sites, particularly when the source is unknown or untrusted. Even with known sources, it is recommended to carefully vet any links or files that are shared, since the source's account could itself be compromised. It is also recommended to maintain good endpoint security controls on all devices in an organization, particularly those used by end users to browse the Internet. This not only helps prevent such malware from infecting a device in the first place, but also helps detect any malware that does slip through.

The infection process that S1deload uses contains many techniques that can be detected and alerted upon. Legitimate, signed binaries executing from abnormal file locations, unknown processes making outbound network connections in the pattern of C2 beaconing, and multiple abnormal Run Registry keys being created in quick succession are all behaviors that would be considered suspicious. Binary Defense’s Managed Detection and Response service is an excellent asset to assist with these types of detection needs.

https://thehackernews.com/2023/02/new-s1deload-malware-hijacking-users.html