Beware of YouTube: Malicious videos spread password-stealing malware.
YouTube users, beware! Many malicious videos are spreading password-stealing malware to their viewers. On October 20, Google’s Threat Analysis Group (TAG) warned leading YouTube creators about cookie-stealing malware.
It turns out that threat actors have been running phishing campaigns since 2019, with around 15,000 targeting top YouTube creators. Additionally, victims’ accounts are sold on the dark web for just $3. This time, however, a security researcher has discovered a new malware campaign on YouTube that is growing significantly.
A security researcher named Frost shared his latest discovery with BleepingComputer, noting that more YouTube videos are targeting viewers with password-stealing Trojans. The researcher also revealed that, across the thousands of malicious videos posted to YouTube, the campaign delivered two types of malware: Raccoon Stealer and RedLine.
Password-stealing malware
This type of malware enters the computer system covertly. It then silently extracts the user’s personal information in the background, including passwords, credit card credentials, cookies, and even screenshots of active windows.
These Trojans can therefore expose a significant amount of victims’ private information to threat actors. The security researcher then explained how the scheme works, noting that the campaign continues to grow.
Massive campaign uses YouTube to push password-stealing malware – @LawrenceAbrams https://t.co/TEsgu1Rt2x
— BleepingComputer (@BleepinComputer) October 21, 2021
Frost further claimed that the criminals were starting to use the YouTube accounts they stole for schemes like this, which could be linked to Google’s earlier warning to prominent creators. The criminals then produce hundreds of videos using the stolen high-profile YouTube account.
Latest phishing scheme on YouTube
The malicious content usually covers how-tos, gambling tips, cryptocurrencies, and VPN apps. Besides being of interest to thousands or even millions of users, these topics usually require users to install an app from a link in the description.
However, the link in the description will instead lead to a tool that installs the malware on the user’s computer.
Now that Frost has exposed the scheme, it is clear that you should avoid downloading apps solely from a link in a video description. If a YouTube video shares software via its description, the best thing to do is to research it further and download it directly from reliable sources.
Additionally, BleepingComputer suggested in the same report that it would be best to scan the installer on VirusTotal’s site to find out whether it carries any password-stealing malware.
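The VirusTotal check above can also be done by hash through the VirusTotal API v3, so only the digest of the installer leaves the machine. The following is an added example, not code from the article or from BleepingComputer; the function names and the `SAMPLE` report are constructed for illustration, and a VirusTotal API key is assumed.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report
FAMILIES = ("redline", "raccoon")  # the two stealers named in the article

def sha256_file(path):
    """Hash the installer locally so only the digest is sent for lookup."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def fetch_report(file_hash, api_key):
    """Return the parsed report, or None when VirusTotal has no record."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # hash never submitted: unknown, not clean
            return None
        raise

def verdict(report):
    """Reduce a report to a decision; an unknown file is not a clean file."""
    if report is None:
        return {"decision": "unknown", "malicious": 0, "families": []}
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    labels = [(r.get("result") or "").lower()
              for r in attrs.get("last_analysis_results", {}).values()]
    families = sorted({f for f in FAMILIES for lab in labels if f in lab})
    bad = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {"decision": "block" if bad or families else "no detections",
            "malicious": stats.get("malicious", 0), "families": families}

# Constructed sample report (not real scan data) in the API's response shape.
SAMPLE = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 2, "suspicious": 0, "undetected": 1},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.PWS.RedLine"},
        "EngineB": {"category": "malicious", "result": "Spyware.Raccoon.Gen"},
        "EngineC": {"category": "undetected", "result": None}}}}}
```

A `None` report means VirusTotal has never seen that exact file, which is common for freshly repacked installers, so `unknown` should be treated as a reason to scan the file itself rather than as a pass.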
Image courtesy of WASTETIME/YouTube