YouTube videos used to spread malware


YouTube videos helped to spread the Lumma Stealer malware, which targets cryptocurrency wallets and browser extensions to steal sensitive data.

Researchers at California-based cybersecurity firm Fortinet recently discovered that malicious actors are using YouTube channels to distribute Lumma Stealer malware.

In the report, the cybersecurity researchers explain that the hackers' tactics involve breaching a YouTube account to upload fake videos with installation guides for cracked software.


The video descriptions contain a malicious link, enticing users to download a ZIP file. URLs are often shortened using services like TinyURL and Cuttly. To bypass simple web filter blacklists, attackers use open-source platforms such as GitHub and MediaFire instead of setting up their own malicious servers.

The provided links direct users to download a new private .NET loader, which is responsible for retrieving the Lumma Stealer malware.
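The delivery chain described above (a cracked-software lure, a shortened link, and an archive hosted on a public file-sharing platform rather than an attacker server) is something a defender can screen for in video descriptions or in URLs pulled from web proxy logs. The following Python triage helper is an added example, not Fortinet's code or anything from the report; the shortener and file-host domain lists, the lure terms, and the two sample descriptions are constructed assumptions. It deliberately works offline: a shortened link is only flagged as "needs expansion", because its real destination cannot be judged without following it.

```python
"""Triage video descriptions for the lure-plus-link pattern used to deliver
Lumma Stealer. Added example; domain lists and samples are assumptions."""
import re
from urllib.parse import urlparse

# Shorteners named in the report plus a few common ones (assumed list).
SHORTENER_DOMAINS = {"tinyurl.com", "cutt.ly", "bit.ly", "t.ly", "rb.gy"}
# Public hosting platforms abused so the attacker needs no own server (assumed).
FILE_HOST_DOMAINS = {
    "github.com", "raw.githubusercontent.com",
    "objects.githubusercontent.com", "mediafire.com",
}
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z")
# Wording typical of cracked-software lures (assumed list).
LURE_TERMS = ("crack", "cracked", "keygen", "activator", "free download",
              "license key")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(text):
    """Pull http(s) URLs out of free text, dropping trailing punctuation."""
    return [u.rstrip(".,);") for u in URL_RE.findall(text)]


def host_of(url):
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def classify_url(url):
    """Flag what a single URL tells us without fetching it."""
    host = host_of(url)
    path = urlparse(url).path.lower()
    return {
        "url": url,
        "shortener": host in SHORTENER_DOMAINS,      # destination hidden
        "file_host": host in FILE_HOST_DOMAINS,      # blocklist-evading host
        "archive": path.endswith(ARCHIVE_SUFFIXES),  # ZIP/RAR payload container
    }


def triage_description(text):
    """Return a verdict plus human-readable reasons for one description.

    A description is routed for review when it carries a lure term AND at
    least one link that is either shortened (needs expansion before judging)
    or points at an archive on a public file-hosting platform.
    """
    lowered = text.lower()
    lure_hits = [t for t in LURE_TERMS if t in lowered]
    urls = [classify_url(u) for u in extract_urls(text)]
    reasons = []
    if lure_hits:
        reasons.append("lure terms: " + ", ".join(lure_hits))
    for u in urls:
        if u["shortener"]:
            reasons.append("shortened link, expand before judging: " + u["url"])
        if u["file_host"] and u["archive"]:
            reasons.append("archive on public file host: " + u["url"])
    link_hit = any(u["shortener"] or (u["file_host"] and u["archive"])
                   for u in urls)
    return {"suspicious": bool(lure_hits) and link_hit,
            "reasons": reasons, "urls": urls}


# Constructed sample descriptions (not real videos or real links).
SAMPLE_MALICIOUS = """PhotoEditorPro 2024 CRACKED - free download, full version!
Password: 1234
Download: https://tinyurl.com/example-abc123
Mirror: https://www.mediafire.com/file/example/Setup.ZIP."""

SAMPLE_BENIGN = """Official PhotoEditorPro tutorial, part 3: layer masks.
Docs: https://docs.example.com/guide/layers"""

if __name__ == "__main__":
    for name, sample in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        verdict = triage_description(sample)
        print(name, "->", "REVIEW" if verdict["suspicious"] else "ok")
        for reason in verdict["reasons"]:
            print("   ", reason)
```

The combination rule matters: shorteners and GitHub/MediaFire links are common in legitimate descriptions, so either signal alone would drown an analyst in false positives. Only the pairing with a cracked-software lure is routed for review, and shortened links are reported as needing expansion (in a sandbox or via the shortener's preview feature) rather than being judged blindly.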

Image: Lumma Stealer (source: Fortinet)

Lumma Stealer, previously known as LummaC2 Stealer, is a subscription-based malware that steals sensitive information from the victim's device, primarily targeting cryptocurrency wallets and two-factor authentication (2FA) browser extensions.

The malware is written in C and has been available through a malware-as-a-service (MaaS) model on underground forums and a Telegram channel since 2022, priced at $140-$160 per month.

It’s believed that the malware was developed by the threat actor “Shamel” under the alias “Lumma.”
