Connect with us


Criminals use YouTube videos to spread account stealing malware






A few days after Google warned of a malicious campaign that sought to steal YouTube creators accounts, a new threat was detected on the video platform, using the platform’s own content to distribute trojans that steal users’ passwords.

The information was given to the website BleepingComputer, by the digital security researcher known as Frost. According to the expert, the scams are carried out by two criminals, with each one distributing a threat, RedLine and Racoon Stealer.

According to the researcher, more than 100 videos related to the threat and 81 channels were created in about 20 minutes. Criminals make use of stolen accounts to upload more content to YouTube, creating an endless growth cycle of content that leads to the attack.

Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!

How the attack occurs

The attack begins with the creation of multiple YouTube channels with videos on topics such as video game cheating, technology guides and tutorials, VPN software, and other popular platform categories.

These videos always explain how to perform the thematic tasks from a specific program, which has the download link provided in the video description. If the link is compressed to the extension, it leads to RedLine infection. Now, if the address is not shortened, it will take you to the page where Racoon Stealer contaminates the machine.

When a computer is infected, threats scan all browsers and files present on the machine for cryptocurrency wallets, credit cards, passwords and other personal data, which are then sent to criminals.

Google sent a statement to the BleepingComputer website about the threat, where the company says it is aware of it and is already taking action. The tech giant also claims it is notifying all malicious links from this campaign to its Safe Browsing system, which alerts users when something suspicious is found.

On Wednesday (20), Google’s Threat Analysis (TAG) group released the analysis of phishing campaigns that, since 2019, steal accounts from YouTube creators. The current threat is different, but it serves to show how even the tech giant’s services pose security risks

In case you are worried about the threat, the main recommendation, besides the use of antivirus solutions, is to avoid as much as possible downloading files by descriptions from YouTube or from unknown websites.

The post Criminals use YouTube videos to spread account stealing malware appeared first on CmaTrends.

Click to comment

Leave a Comment on CmaTrends



Skip to toolbar