
YouTube Videos Spread Password Stealing Malware

There has been a significant uptick in malware campaigns on YouTube pushing various password-stealing Trojans.


Named after the Trojan horse of Greek legend, a Trojan is a form of malware that disguises itself as a legitimate file or program in order to fool unsuspecting users into downloading it onto their computers. This is how unwary users hand cyberattackers unauthorized remote access. Once inside, threat actors can monitor a user's activities (web browsing, computer usage, and so on) to collect and extract sensitive data, erase files, or download more malware onto the PC, among other things.

Threat actors are getting more inventive: they have begun using YouTube videos to spread malware through links embedded in video descriptions. Cluster25 security researcher Frost reports that malware campaigns promoting various password-stealing Trojans have increased significantly on YouTube. Frost believes two clusters of malicious activity are operating at the same time, one distributing RedLine malware and the other distributing Raccoon Stealer.

Malicious actors start by launching dozens of new YouTube channels dedicated to software cracks, licenses, how-to instructions, bitcoin, mining, game hacks, VPN software, and just about any other popular topic. The videos demonstrate how to complete a task using a specific piece of software or technology, and the video description claims to offer a link to the programme shown; that link is what delivers the malware.

"We are aware of this campaign and are currently taking action to block activity by this threat actor and flagging all links to Safe Browsing. As always, we are continuously improving our detection methods and investing in new tools and features that automatically identify and stop threats like this one. It is also important that users remain aware of these types of threats and take appropriate action to further protect themselves," said Google. 

According to the researcher, thousands of videos and channels were created as part of this massive malware campaign, with 100 new videos and 81 channels launched in only twenty minutes. Threat actors use stolen Google accounts to create new YouTube channels to spread the malware, Frost says, creating an endless, ever-growing loop.

"The threat actors have thousands of new channels available because they infect new clients every day. As part of these attacks, they steal victims' Google credentials, which are then used to create new YouTube videos to distribute the malware," Frost said.

These campaigns demonstrate why programmes should not be downloaded from the Internet at random, as video publishers cannot check every link published to sites like YouTube. As a result, before downloading and installing anything from a website, a user should check whether it has a solid reputation and can be trusted.
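As an added illustration of the check the article recommends (example code written for this page, not part of the original post, YouTube, or any vendor tool): a small Python triage helper that extracts links from video description text, normalises defanged schemes such as `hxxp`, and flags any link that points at a file host, a URL shortener, or a direct archive/installer download rather than a publisher's official domain. The sample descriptions and both domain lists are constructed for the example; a real deployment would maintain the lists per vendor.

```python
"""Triage links found in video descriptions (added example, not from the article)."""
import re
from urllib.parse import urlparse

# Constructed sample descriptions; not real channel content.
SAMPLE_DESCRIPTIONS = [
    "Full tutorial. Download the cracked installer here: "
    "https://example-filehost.test/dl/setup.zip",
    "Official docs: https://docs.example.org/guide and source at "
    "https://github.com/example/project",
    "Get the tool: hxxps://short.example/3abcdef (mirror: "
    "https://mega.example.net/file/abc.rar)",
]

# Constructed allow-list of a hypothetical vendor's official domains, and a
# constructed list of generic file hosts / shorteners that warrant review.
OFFICIAL_DOMAINS = {"docs.example.org", "github.com"}
REVIEW_DOMAINS = {"short.example", "example-filehost.test", "mega.example.net"}

# Direct links to these file types are the usual delivery vehicle and get flagged.
DOWNLOAD_SUFFIXES = (".zip", ".rar", ".7z", ".exe", ".msi")

# Accept normal and defanged schemes; stop at whitespace or closing brackets.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s)>\]]+", re.IGNORECASE)


def refang(url):
    """Turn a defanged scheme (hxxp/hxxps) back into http/https for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def extract_urls(text):
    """Return every URL in a description, with schemes normalised."""
    return [refang(m.group(0)) for m in URL_RE.finditer(text)]


def classify(url):
    """Label one URL as official, review, or unknown, with the reasons."""
    url = refang(url)
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons = []

    if host in REVIEW_DOMAINS:
        reasons.append("known file host or URL shortener")
    if parsed.path.lower().endswith(DOWNLOAD_SUFFIXES):
        reasons.append("direct link to an archive or installer")

    if host in OFFICIAL_DOMAINS:
        verdict = "official"
    elif reasons:
        verdict = "review"
    else:
        verdict = "unknown"
    return {"url": url, "host": host, "verdict": verdict, "reasons": reasons}


def triage_descriptions(descriptions):
    """Classify every link across a batch of descriptions."""
    results = []
    for text in descriptions:
        for url in extract_urls(text):
            results.append(classify(url))
    return results


def summarise(results):
    """Count verdicts so an analyst can see how much of a batch needs review."""
    counts = {"official": 0, "review": 0, "unknown": 0}
    for item in results:
        counts[item["verdict"]] += 1
    return counts


if __name__ == "__main__":
    findings = triage_descriptions(SAMPLE_DESCRIPTIONS)
    for item in findings:
        print(f"{item['verdict']:8} {item['url']}  {'; '.join(item['reasons'])}")
    print(summarise(findings))
```

The helper deliberately treats an archive or installer link as "review" even when the host is not on the review list, since the host lists can never be complete; only links to a publisher's own domains are passed as "official".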