Threat actors have long tempted the unwary into installing malware with offers of free or cracked software for popular programs such as Photoshop – but now they are using artificial intelligence (AI)-generated video personas to make their bogus adverts seem more credible.
“It is well known that videos featuring humans, especially those with certain facial features, appear more familiar and trustworthy,” said CloudSek, which conducted research into the worrying sub-trend.
“There has been a recent trend of videos featuring AI-generated personas, across languages and platforms – Twitter, YouTube, Instagram – providing recruitment details, educational training, promotional material, and so on,” it said. “Threat actors have also now adopted this tactic.”
Popular AI-generator tools – used by legitimate concerns and not just cybercriminals – that were spotted by CloudSek included Synthesia and D-ID.
CloudSek adds that in November it saw the number of YouTube videos containing links to information-stealer malware such as Vidar, RedLine, and Raccoon increase by as much as 300% month-on-month.
“The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users,” it said.
The crooks behind such offers then use specialized programs called infostealers to rob the victim of valuable or sensitive information, such as browser data including passwords, cookies, and form auto-fill data, as well as cryptocurrency wallet data, .txt and Excel files, and credentials used to access popular communication apps such as Telegram.
“Infostealers are malicious software designed to steal sensitive information from computers,” said CloudSek. “They can steal passwords, credit card information, bank account numbers, and other confidential data. They are usually spread through malicious software downloads, fake websites, and YouTube tutorials.”
Hunting trips on YouTube short but sweet
Although YouTube, estimated to have well over two billion active monthly users, is a happy hunting ground for cybercriminals, the platform’s strict policing regime means that many crooks have to accept that they will get booted off it after a short, but often fruitful, period of time.
“While YouTube is an easy way to reach millions of users, the platform’s regulations and review process make it difficult for threat actors to have long-term active accounts on the platform,” said CloudSek. “Once a few users have been affected, the video is usually taken down and the account banned. Hence threat actors are always looking for new ways to circumvent the platform’s algorithm and review process.”
Tools of a crooked trade
Using AI-generated videos to create the perfect ‘digital con artist’ appears to be just the latest gimmick in the tool bag that cybercriminals use to try to leverage tough platforms such as YouTube.
Other popular tricks of a nefarious trade include using legal URL shorteners such as bit.ly or cutt.ly to conceal the true purpose of malware links, in a technique known as “obfuscation,” and leaving fake or dummy comments to give a crooked account the illusion of authenticity.
“Threat actors add several comments claiming that the cracked software worked for them,” said CloudSek. “This lends the videos an air of legitimacy and misleads users into believing that the malicious download is legitimate. Several videos have identical comments within an hour of being posted, which indicates that the threat actors have automated the process of adding fake comments to videos.”
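The two indicators described above (shortener links in a video description, and identical comments arriving within an hour of posting) can be checked mechanically when triaging a reported video. The following is an added example, not code from CloudSek or the original article; the record layout, function names, and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlparse
import re

SHORTENERS = {"bit.ly", "cutt.ly"}  # the two shorteners named in the article
URL_RE = re.compile(r"https?://[^\s<>)]+", re.IGNORECASE)

def shortener_links(description):
    """Return URLs in the description whose host is a known shortener."""
    hits = []
    for url in URL_RE.findall(description):
        host = (urlparse(url).hostname or "").lower().removeprefix("www.")
        if host in SHORTENERS:
            hits.append(url)
    return hits

def normalise(text):
    """Lower-case, drop punctuation, collapse whitespace so near-copies match."""
    return " ".join(re.sub(r"[^\w\s]", "", text.lower()).split())

def duplicate_early_comments(posted, comments, window=timedelta(hours=1), min_copies=2):
    """Return {normalised text: count} for comments repeated inside the window after posting."""
    early = [normalise(t) for ts, t in comments if posted <= ts <= posted + window]
    return {t: n for t, n in Counter(early).items() if t and n >= min_copies}

def triage(video):
    """Collect the indicators present for one video record (hypothetical layout)."""
    return {
        "shortener_links": shortener_links(video["description"]),
        "duplicate_comments": duplicate_early_comments(video["posted"], video["comments"]),
    }

# Constructed sample record; not real data.
POSTED = datetime(2023, 1, 10, 12, 0)
SAMPLE = {
    "posted": POSTED,
    "description": "Full crack 2023! Download: https://bit.ly/EXAMPLE-ONLY (pass: 1234)",
    "comments": [
        (POSTED + timedelta(minutes=5), "Worked for me, thanks!"),
        (POSTED + timedelta(minutes=9), "worked for me thanks"),
        (POSTED + timedelta(minutes=40), "Worked for me, thanks!!"),
        (POSTED + timedelta(hours=3), "Worked for me, thanks!"),
        (POSTED + timedelta(minutes=20), "Is this safe?"),
    ],
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Either indicator alone is weak, since legitimate uploaders also use shorteners; the combination is what makes a video worth escalating for review.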
CloudSek has some simple advice for those wishing to avoid being caught out by such scams: don’t use freebie versions of computer programs that normally cost money.
“Avoid downloading or using pirated software because the risks greatly outweigh the benefits,” it said.