
We are increasingly observing threat actors using AI-generated YouTube videos to spread various stealer malware such as Raccoon, RedLine, and Vidar.
“The video pretends to be a tutorial on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users,” said CloudSEK researcher Pavan Karthick M.
Just as the ransomware landscape consists of core developers and affiliates responsible for identifying potential targets and actually carrying out the attacks, so too does the information stealer ecosystem: it consists of threat actors known as traffers, who are recruited to distribute the malware through various means.
One popular malware distribution channel is YouTube. CloudSEK is seeing a 200-300% monthly increase in videos with links to stealer malware in the description section.
These links are often obfuscated using URL shortening services like Bitly or Cuttly, or alternatively hosted on MediaFire, Google Drive, Discord, GitHub, and Telegram’s Telegra.ph.
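As an added illustration (not code from CloudSEK or from this article), a small Python triage routine that pulls links out of a video description, flags the shortener and file-hosting domains named above so an analyst knows which links to expand or detonate, and notes whether the text fits the cracked-software lure; the domain list, the lure words and the sample description are my own assumptions and constructions.

```python
import re
from urllib.parse import urlsplit

# Hops the CloudSEK report names: shorteners that hide the payload host, and
# file-sharing services that host the archive. Domain names are my assumption.
SHORTENER_DOMAINS = ("bit.ly", "cutt.ly")
FILE_HOST_DOMAINS = ("mediafire.com", "drive.google.com", "discordapp.com",
                     "discord.com", "github.com", "telegra.ph")
LURE_WORDS = ("crack", "pirated")  # vocabulary of the fake "cracked software" tutorials
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def extract_urls(text: str) -> list[str]:
    """Pull schemed and bare URLs out of free text, dropping trailing punctuation."""
    return [m.group(0).rstrip(".,);") for m in URL_RE.finditer(text)]

def host_of(url: str) -> str:
    """Lowercase hostname without a leading 'www.'; bare URLs get a scheme first."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only fills netloc when a scheme is present
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def _matches(host: str, domains: tuple) -> bool:
    # The domain itself or any subdomain of it (e.g. cdn.discordapp.com).
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url: str) -> str:
    host = host_of(url)
    if _matches(host, SHORTENER_DOMAINS):
        return "shortener"
    if _matches(host, FILE_HOST_DOMAINS):
        return "file_host"
    return "other"

def triage_description(text: str) -> dict:
    """Flag links worth expanding/detonating and note whether the text fits the lure."""
    flagged = [(u, c) for u in extract_urls(text) if (c := classify(u)) != "other"]
    lure = any(w in text.lower() for w in LURE_WORDS)
    return {"flagged": flagged, "lure": lure, "suspicious": bool(flagged) and lure}

# Constructed sample in the style the report describes (not a real video description).
SAMPLE_DESCRIPTION = """Adobe Photoshop 2023 FULL CRACK free download!!
Download link: https://bit.ly/3xyzABC
Mirror: www.mediafire.com/file/abc123/ps2023.zip
Archive password: 1234
Subscribe: https://www.youtube.com/c/examplechannel
"""
```

Flagged links are only candidates for further analysis (URL expansion in a sandbox, archive inspection); the lure check is there so a legitimate channel linking its own GitHub does not trip the same rule.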
In some instances, threat actors use data leaks and social engineering to hijack legitimate YouTube accounts and push malware. They often target popular accounts to reach large audiences in a short period of time.

“Uploading to such an account also increases the legitimacy of the video,” explains Karthick. “However, such YouTubers report the account takeover to YouTube and regain access to their accounts within a few hours. But within those few hours, hundreds of users could have fallen prey.”

Even more ominously, 5-10 crack download videos are uploaded to video platforms every hour, and attackers use search engine optimization (SEO) poisoning techniques to push the videos to the top of search results.
Attackers have also been observed adding fake comments to uploaded videos to further mislead and lure users into downloading cracked software.
The development comes amid a proliferation of new information stealer variants such as SYS01stealer, S1deload, Stealc, Titan, ImBetter, WhiteSnake, and Lumma, which loot sensitive data under the guise of popular apps and services.
The findings also follow the discovery of a ready-to-use toolkit called R3NIN Sniffer. This toolkit allows attackers to siphon payment card data from compromised e-commerce websites.
To reduce the risk of stealer malware, users are advised to enable multi-factor authentication, avoid clicking on unknown links, and avoid downloading or using pirated software.