Cybersecurity researchers see a 200-300% month-on-month increase in YouTube videos containing links to infostealer malware in their descriptions. Many of these were generated using artificial intelligence (AI) programs such as Synthesia and D-ID.
The findings are described in a new report by Pavan Karthick, a threat intelligence research intern at CloudSEK.
“It’s well known that humans, especially videos with certain facial features, appear more friendly and trustworthy,” the document states.
“That is why videos featuring AI-generated personas across languages and platforms (Twitter, YouTube, Instagram) are a recent trend, providing recruitment details, educational training, promotional materials, and more. Actors also employ this tactic.”
Infostealers delivered via these videos included Vidar, RedLine, and Raccoon. Many of these channels counted hundreds or thousands of views.
“[For instance] a Hogwarts [Legacy] crack download video generated using d-id.com was uploaded to a YouTube channel with 184,000 subscribers. Within minutes of being uploaded, the video had 9 likes and over 120 views,” Karthick wrote.
According to security researchers, this trend shows that infostealer threats are rapidly evolving and becoming more sophisticated.
“String-based rules have proven ineffective against malware that dynamically generates strings or uses encrypted strings. , varies from sample to sample (e.g. newer versions of Vidar, Raccoon, etc.),” explains Karthick.
“Additionally, the malware family can only be detected when the sample is unpacked, which is rarely used in malware campaigns.”
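A small added illustration (not from the CloudSEK report) of the limitation Karthick describes: a literal string rule matches a constructed sample with a plaintext marker but misses builds where the same marker is XOR-encoded with a per-sample key, while a rule that sweeps single-byte XOR keys, as YARA's `xor` string modifier does, still finds it. The marker, the keys and the sample bytes are all constructed for the example.

```python
# Added illustration: every value below is constructed, not taken from real malware.
MARKER = b"example-stealer-config"  # hypothetical plaintext indicator a rule keys on


def xor(data, key):
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)


def string_rule(sample, needle=MARKER):
    """Static string rule: fires only when the literal bytes are present."""
    return needle in sample


def xor_aware_rule(sample, needle=MARKER):
    """Search for the needle under all 256 single-byte XOR keys.

    Returns the key that produced a hit (0 means plaintext), or None.
    """
    for key in range(256):
        if xor(needle, key) in sample:
            return key
    return None


def make_sample(key=None):
    """Build a constructed blob: stub header, padding, then the marker,
    stored in the clear (key=None) or XOR-encoded with a per-build key."""
    body = MARKER if key is None else xor(MARKER, key)
    return b"MZ" + b"\x00" * 16 + body + b"\x00" * 8


SAMPLES = {
    "plain": make_sample(),
    "build_a": make_sample(0x5A),  # same marker, different key per build
    "build_b": make_sample(0xC3),
}


def report():
    """Map sample name -> (literal rule hit, XOR key found by the sweep)."""
    return {n: (string_rule(s), xor_aware_rule(s)) for n, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, (literal, key) in report().items():
        print(f"{name}: literal={literal} xor_key={key}")
```

The sweep only covers single-byte XOR; multi-byte keys, real ciphers or packed samples defeat it as well, which is why the report points to behavior-based, adaptive monitoring rather than more string rules.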
More information about Raccoon can be found here: Credential Stealer Malware Raccoon Updated to Retrieve Passwords More Efficiently
To defend against such threats, Karthick advised companies to adopt adaptive threat monitoring tools.
“Apart from this, we recommend that users enable multi-factor authentication and avoid clicking on unknown links or emails. Additionally, downloading and using pirated software is discouraged as the risks greatly outweigh the benefits. Please avoid.”
AI tools are also often associated with data privacy concerns. Read this analysis by Information security Associate Editor James Coker to learn more about this trend.