Information stealer malware is being delivered via YouTube in the guise of pirated software and video game cracks, cybersecurity firm Proofpoint warns.
Malware, including Vidar, StealC, and Lumma Stealer, has been distributed on YouTube in the form of video game cracks, the firm revealed after an investigation. Malicious links were placed in video descriptions and led to the download of information stealers, it said.
The videos purported to show the user how to download software or upgrade video games for free, with many belonging to accounts that appeared to be compromised or otherwise acquired from legitimate users.
Researchers also observed accounts that were likely created and controlled by threat actors exclusively to deliver malware. Many such accounts were active for only a few hours, researchers said.
“The use of a popular video-sharing platform to distribute malware illustrates that threat actors continue to use well-known brands to entice users to engage with malicious content,” said Selena Larson, senior threat intelligence analyst at Proofpoint.
The videos target consumer users, who do not have the same resources as enterprises to defend themselves from attackers, Larson said. Many also feature games popular with children, a group that is less likely to be able to identify malicious content or online risks.
“And while attacks on individual users may not result in the same level of financial gain for threat actors as attacks on corporations, the victims likely still have data like credit cards, cryptocurrency wallets, and other personally identifiable information (PII) stored on their computers which can be lucrative to criminals,” Larson said.
Two signs could indicate that an account was compromised or otherwise acquired by malicious actors, according to Proofpoint: significant gaps between posted videos, and content that differs significantly from previously published videos.
For example, one such account shared by researchers was a verified channel with 113,000 subscribers. The majority of the account’s videos were posted a year or more previously and were all in Thai.
However, at the time of discovery it had 12 new English-language videos about popular video games and software cracks, posted within 24 hours and all containing links to malicious content. Some had over 1,000 views, possibly artificially boosted by bots to appear more legitimate.
Proofpoint said it had identified over two dozen similar accounts distributing malware and reported them to YouTube, which then removed the content.
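The account indicators described above (a long gap between uploads, a change in content language, and a burst of new videos within a day) can be turned into a simple triage check. The following is an added example, not Proofpoint's tooling: the `Upload` record, the thresholds, and the sample channel are all assumptions constructed for illustration, and a hit is a reason to look closer rather than proof of compromise.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Upload:
    published: datetime
    language: str  # assumed: language code taken from video metadata

# Assumed thresholds for illustration; tune against real channel data.
DORMANCY = timedelta(days=365)     # gap that counts as "significant"
BURST_WINDOW = timedelta(hours=24)
BURST_MIN = 5                      # uploads inside the window to call it a burst

def takeover_signals(uploads):
    """Return the triage signals raised by a channel's upload history."""
    vids = sorted(uploads, key=lambda u: u.published)
    if len(vids) < 2:
        return []
    # Split the history at the largest gap between consecutive uploads.
    gap, split = max((b.published - a.published, i + 1)
                     for i, (a, b) in enumerate(zip(vids, vids[1:])))
    if gap < DORMANCY:
        return []  # no dormant period, so nothing to compare across
    before, after = vids[:split], vids[split:]
    signals = ["dormancy_gap"]
    # Content shift: the channel's usual language vanished after the gap.
    usual = Counter(u.language for u in before).most_common(1)[0][0]
    if usual not in {u.language for u in after}:
        signals.append("language_shift")
    # Burst: many uploads packed into the window ending at the newest video.
    newest = after[-1].published
    recent = [u for u in after if newest - u.published <= BURST_WINDOW]
    if len(recent) >= BURST_MIN:
        signals.append("upload_burst")
    return signals

def sample_channel():
    """Constructed data shaped like the channel described in the article."""
    old = [Upload(datetime(2022, 1, 1) + timedelta(days=30 * i), "th")
           for i in range(6)]
    new = [Upload(datetime(2024, 3, 1) + timedelta(hours=i), "en")
           for i in range(12)]
    return old + new

if __name__ == "__main__":
    print(takeover_signals(sample_channel()))
```

A creator who simply returns after a long break raises only `dormancy_gap`, which is why the language and burst signals are reported separately.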