Massive campaign uses YouTube to push password-stealing malware

Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers.
Password-stealing trojans are malware that runs quietly on a computer while stealing passwords, screenshots of active windows, cookies, credit cards saved in browsers, FTP credentials, and arbitrary files chosen by the threat actors.
When installed, the malware will communicate with a Command & Control server, where it waits for commands from the attacker to execute, which may include running additional malware.
Malicious YouTube videos gone wild
Threat actors have long used YouTube videos as a way to distribute malware through embedded links in video descriptions.
However, this week Cluster25 security researcher Frost told BleepingComputer that there has been a significant uptick in malware campaigns on YouTube pushing various password-stealing Trojans.
Frost told BleepingComputer that there are likely two clusters of malicious activity being conducted concurrently – one pushing the RedLine malware and the other pushing Raccoon Stealer.
The researcher said that thousands of videos and channels were made as part of this massive malware campaign, with 100 new videos and 81 channels created in just twenty minutes.
Frost explained that the threat actors use the Google accounts they steal to launch new YouTube channels to spread malware, creating a never-ending and ever-growing cycle.
“The threat actors have thousands of new channels available because they infect new clients every single day. As part of these attacks, they steal victims' Google credentials, which are then used to create new YouTube videos to distribute the malware,” Frost told BleepingComputer.
The attacks begin with the threat actors creating numerous YouTube channels filled with videos about software cracks, licenses, how-to guides, cryptocurrency, mining, game cheats, VPN software, and pretty much any other popular category.

Example of a malicious YouTube channel
These videos contain content that explains how to perform a task using a particular program or application. Additionally, the YouTube video's description includes an alleged link to the related tool, which is used to distribute the malware.

Malicious YouTube video pushing RedLine stealer
If a video contains a link, it will lead to another file-sharing site hosting the RedLine password-stealing malware infection. However, if it includes an unshortened domain, it will redirect to a page on the taplink[.]cc domain to push Raccoon Stealer, as shown below.

Landing page for the Raccoon Stealer
Once a user becomes infected, the malware will proceed to scan all installed browsers and the computer for cryptocurrency wallets, credit cards, passwords, and other data and upload it back to the attacker.
Google told BleepingComputer that they are aware of the campaign and are taking action to disrupt the activity.
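As an added defensive example that is not part of the article, the following proxy-log check flags clients that, shortly after visiting YouTube, hit the taplink[.]cc landing page named above or fetch an archive from a file-sharing host. The file-sharing hostnames, the log format and the log lines are constructed for this example; only taplink.cc comes from the article.

```python
import re
from datetime import datetime, timedelta

# taplink.cc is the landing-page domain named in the article; the file-sharing
# hosts below are constructed placeholders, not real indicators.
LANDING_HOSTS = {"taplink.cc"}
FILE_SHARING_HOSTS = {"filehost.example", "share.example"}
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".exe")
WINDOW = timedelta(minutes=10)

# Constructed proxy-log format: "<date> <time> <client-ip> <method> <url>"
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (GET|POST) https?://([^/\s]+)(\S*)")

def parse_line(line):
    """Return (timestamp, client, host, path), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts, client, _method, host, path = m.groups()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), client, host.lower(), path

def find_suspicious_chains(lines):
    """Flag landing-page hits or archive downloads that follow a YouTube visit
    from the same client within WINDOW. Returns [(client, host, path), ...]."""
    last_youtube = {}  # client -> timestamp of most recent YouTube request
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, host, path = rec
        if host == "youtube.com" or host.endswith(".youtube.com"):
            last_youtube[client] = ts
            continue
        seen = last_youtube.get(client)
        if seen is None or ts - seen > WINDOW:
            continue  # no recent YouTube visit, so not part of this chain
        archive_dl = host in FILE_SHARING_HOSTS and path.lower().endswith(ARCHIVE_EXT)
        if host in LANDING_HOSTS or archive_dl:
            hits.append((client, host, path))
    return hits

# Constructed sample log: 10.0.0.9 never visited YouTube, so it is not flagged.
SAMPLE_LOG = [
    "2021-10-21 14:00:01 10.0.0.5 GET https://www.youtube.com/watch?v=example1",
    "2021-10-21 14:02:10 10.0.0.5 GET https://taplink.cc/some-page",
    "2021-10-21 14:00:30 10.0.0.7 GET https://www.youtube.com/watch?v=example2",
    "2021-10-21 14:03:00 10.0.0.7 GET https://filehost.example/dl/tool.zip",
    "2021-10-21 15:30:00 10.0.0.9 GET https://filehost.example/dl/report.zip",
]
```

Running `find_suspicious_chains(SAMPLE_LOG)` returns the two YouTube-to-download chains for 10.0.0.5 and 10.0.0.7; a hit on the same hosts with no preceding YouTube visit is left alone.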

“We're aware of this campaign and are currently taking action to block activity by this threat actor and flagging all links to Safe Browsing. As always, we're constantly improving our detection methods and investing in new tools and features that automatically identify and stop threats like this one. It is also important that users remain aware of these types of threats and take appropriate action to further protect themselves.”  – Google.

Google also disclosed this week a phishing campaign that distributed password-stealing trojans used to steal the accounts of YouTube Creators. These accounts were then sold on dark web markets or used to perform cryptocurrency scams.
Downloading software can be dangerous
These campaigns illustrate how important it is not to download programs from the Internet haphazardly, as sites like YouTube cannot vet every link added by video publishers.
Therefore, a user should research a site before downloading and installing anything from it to determine whether it has a good reputation and can be trusted. Even then, it is always suggested that you first upload the program to a site like VirusTotal to confirm it is safe to run.
If you have accidentally fallen for this attack and installed a program from a similar link, it is strongly suggested that you scan your computer with an antivirus program.
After you have removed any malware detected in a virus scan, you should immediately change any passwords saved in your browsers.
Update 10/21/21 7:28 PM EST: Added a statement from Google.