YouTube videos used to spread malware

YouTube videos helped to spread the Lumma Stealer malware, which targets cryptocurrency wallets and browser extensions to steal sensitive data.

Researchers at California-based cybersecurity firm Fortinet recently discovered that malicious actors are using YouTube channels to distribute Lumma Stealer malware.

In the report, the cybersecurity researchers explain that the hackers' tactics involve breaching a YouTube account to upload fake videos with installation guides for cracked software.

The video descriptions contain a malicious link, enticing users to download a ZIP file. URLs are often shortened using services like TinyURL and Cuttly. To bypass simple web filter blacklists, attackers use open-source platforms such as GitHub and MediaFire instead of setting up their own malicious servers.

The provided links direct users to download a new private .NET loader, which is responsible for retrieving the Lumma Stealer malware.
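As an added, defender-side example (not part of the Fortinet report or this article), the following Python script looks for the delivery chain described above in constructed proxy log lines: a client resolving a TinyURL or Cuttly link and then, within a few minutes, downloading a .zip from GitHub or MediaFire. The log format, client addresses and URLs are constructed; the hosting and shortener domains and the ten-minute window are assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample proxy log: "<ISO timestamp> <client IP> <URL>" per line.
SAMPLE_LOG = """\
2024-01-10T10:00:01 10.0.0.5 https://www.youtube.com/watch?v=EXAMPLE
2024-01-10T10:00:40 10.0.0.5 https://tinyurl.com/EXAMPLE-short
2024-01-10T10:00:42 10.0.0.5 https://github.com/example-user/example-repo/releases/download/v1/setup.zip
2024-01-10T10:05:00 10.0.0.9 https://cutt.ly/EXAMPLE
2024-01-10T11:30:00 10.0.0.9 https://www.mediafire.com/file/EXAMPLE/installer.zip
2024-01-10T12:00:00 10.0.0.7 https://github.com/example-user/example-repo/archive/refs/heads/main.zip
"""

# Assumed domains for the shorteners and hosting platforms named in the article.
SHORTENERS = {"tinyurl.com", "cutt.ly"}
PUBLIC_HOSTS = {"github.com", "objects.githubusercontent.com",
                "www.mediafire.com", "download.mediafire.com"}
WINDOW = timedelta(minutes=10)  # assumed: shortener hit -> zip download gap


def parse_line(line):
    """Split one constructed log line into (timestamp, client, host, url)."""
    ts, client, url = line.split(" ", 2)
    host = (urlparse(url).hostname or "").lower()
    return datetime.fromisoformat(ts), client, host, url


def find_shortener_to_zip(log_text, window=WINDOW):
    """Return (client, shortener_url, zip_url) tuples where a client followed a
    URL-shortener link and then fetched a .zip from a public hosting platform
    within `window`. Each shortener hit is matched to the next qualifying zip."""
    last_short = {}  # client -> (timestamp, url) of most recent shortener hit
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, client, host, url = parse_line(raw)
        if host in SHORTENERS:
            last_short[client] = (ts, url)
        elif host in PUBLIC_HOSTS and urlparse(url).path.lower().endswith(".zip"):
            prev = last_short.pop(client, None)
            if prev and ts - prev[0] <= window:
                hits.append((client, prev[1], url))
    return hits


if __name__ == "__main__":
    for client, short_url, zip_url in find_shortener_to_zip(SAMPLE_LOG):
        print(f"{client}: {short_url} -> {zip_url}")
```

Only the first client is flagged: the second resolves a shortener but downloads its archive well outside the window, and the third never touches a shortener at all.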

Lumma Stealer
Source: Fortinet

Lumma Stealer, previously known as LummaC2 Stealer, is a subscription-based malware that steals sensitive information from the victim’s device. It primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions before exfiltrating other sensitive data from the device.

The malware is written in C and has been available through a malware-as-a-service (MaaS) model on underground forums and a Telegram channel since 2022, priced at $140-$160 per month.

It’s believed that the malware was developed by the threat actor “Shamel” under the alias “Lumma.”
