
Socelars

Posted: October 1, 2020

Socelars is spyware that collects information related to Facebook and Amazon accounts. Most of its installations rely on bundles with adware and Potentially Unwanted Programs (PUPs), such as browser extensions. Users can protect themselves by scanning software before installing it, avoiding untrustworthy download links, and letting dedicated security solutions remove Socelars installations as soon as possible.

From an Unwanted Program to a Downright Threatening One

The line between a Potentially Unwanted Program and a Trojan isn't always as clear as one would hope. Sadly, PUPs are recurring characters in the threat landscape's tales of drive-by downloads and other exploits. A recent pivot in Linkury Ltd's software products makes for a not-entirely-unexpected, but illuminating, chapter in how the well-known spyware Socelars is circulating in 2020. Previous attacks by the threat in 2019 used PUPs for installation, and its updated version appears to be no different.

Socelars is spyware that malware experts confirm focuses on collecting Facebook credentials and hijacking Amazon accounts. It accomplishes these attacks by harvesting cookie-based browser information, including confidential content like credit card numbers. These features work against users of both the Chrome and Firefox browsers.

Older installations of Socelars rode on the back of a fake 'PDFreader' program, which the victim might download unintentionally through Potentially Unwanted Programs like YeaDesktop. Meanwhile, Linkury Ltd, previously known only for installing browser hijackers and adware, is switching to delivering threats like Socelars and the KPOT data collector. The company traffics in products like Safe Widget, which claims to protect the user's Web search results.

Taking Information Back Out of an Observer's Hands

Based on its already-analyzed capabilities, attackers can use Socelars to gain access to Amazon accounts, but not to collect data from them directly. The threat is more invasive regarding Facebook services and will transfer credentials to the attacker's Command & Control server. While these attacks are ongoing, their symptoms are minimal, although the presence of a new browser extension like SafeWidget is visually apparent.
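Since an unexpected browser extension is the one visible symptom described above, an inventory check is a practical first response. The following is an added example, not code from the original article or from any vendor: it parses a constructed sample in the shape of Chrome's `Secure Preferences` JSON (assumed layout: `extensions.settings` keyed by extension ID, each entry carrying `from_webstore` and a `manifest`) and flags extensions that were sideloaded or are not on an assumed allowlist. On a real Windows profile the file typically lives under `%LOCALAPPDATA%\Google\Chrome\User Data\Default\`; verify the field names against your own copy.

```python
import json
from typing import Dict, List, Set

# Constructed sample modelled on Chrome's "Secure Preferences" JSON.
# Extension IDs and names here are made up for illustration.
SAMPLE_PREFS = json.dumps({
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True,
                "location": 1,
                "manifest": {"name": "Corporate SSO Helper", "version": "2.1.0"},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": False,
                "location": 2,
                "manifest": {"name": "Safe Widget", "version": "1.0.3"},
            },
        }
    }
})

# Assumed allowlist of extension names the organization has approved.
ALLOWED_NAMES: Set[str] = {"Corporate SSO Helper"}


def find_suspect_extensions(prefs_json: str, allowed: Set[str] = ALLOWED_NAMES) -> List[Dict]:
    """Return extensions that were not installed from the Web Store or are not allowlisted."""
    prefs = json.loads(prefs_json)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        name = manifest.get("name", ext_id)   # fall back to the ID if no manifest name
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not installed from the Web Store")
        if name not in allowed:
            reasons.append("not on allowlist")
        if reasons:
            findings.append({"id": ext_id, "name": name,
                             "version": manifest.get("version", "?"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspect_extensions(SAMPLE_PREFS):
        print(f"{f['name']} ({f['id']}) v{f['version']}: {', '.join(f['reasons'])}")
```

Feed it the real file with `open(path, encoding="utf-8").read()`; anything it flags is a candidate for closer inspection rather than proof of compromise.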

Malware experts recommend that users change all passwords and related information as soon as possible after dealing with a Socelars infection. However, preventing the installation is even more important and can keep hackers from taking over accounts and financial information wholesale. Since many of its distribution methods center around advertising software and PUPs, Windows users should remember that these 'unwanted' programs aren't necessarily safe, even when security products don't categorize them as Trojans or malware outright.

Anti-adware and anti-malware utilities from most security companies should be capable of identifying most of the above threats; they should block Trojan bundles and remove Socelars on sight. However, since geo-targeting is in effect, in some cases different victims may encounter other payloads with unpredictable outcomes.

Socelars isn't very different from other Facebook cyber-thieves like Cookiethief or StressPaint, but its campaigns are a telling display of adware becoming a partner to Trojans. Whether or not it seems benign on the outside, a Potentially Unwanted Program always has a reason for the label, and users should treat it accordingly.
