Criminals use YouTube videos to spread account-stealing malware

Date: 2021-10-23

A few days after Google warned of a malicious campaign that sought to steal YouTube creator accounts, a new threat was detected on the video platform, using the platform’s own content to distribute Trojans that steal users’ passwords.

The information was provided to the BleepingComputer website by the digital security researcher known as Frost. According to the expert, the scams are carried out by two criminals, each distributing a different threat: RedLine and Raccoon Stealer.

According to the researcher, more than 81 videos related to the threat and 81 channels were created in about 20 minutes. The criminals use stolen accounts to upload more content to YouTube, creating a self-perpetuating cycle of content that leads to the attack.

How the attack occurs

The attack begins with the creation of multiple YouTube channels with videos on topics such as video game cheating, technology guides and tutorials, VPN software, and other popular platform categories.

Example of a video where RedLine is available for download. (Image: Screen Capture/Dácio Augusto/Canaltech)

These videos always explain how to carry out the advertised task using a specific program, whose download link is provided in the video description. If the link is shortened with bit.ly, it leads to a RedLine infection. If the address is not shortened, it leads to a page where Raccoon Stealer infects the machine.

Once a computer is infected, the malware scans all browsers and files on the machine for cryptocurrency wallets, credit cards, passwords and other personal data, which are then sent to the criminals.

Google sent a statement to the BleepingComputer website about the threat, in which the company says it is aware of it and is already taking action. The tech giant also says it is reporting all malicious links from this campaign to its Safe Browsing system, which alerts users when something suspicious is found.

On Wednesday (20), Google's Threat Analysis Group (TAG) released an analysis of phishing campaigns that have been stealing accounts from YouTube creators since 2019. The current threat is different, but it serves to show how even the tech giant's services pose security risks.

If you are concerned about the threat, the main recommendation, in addition to using antivirus solutions, is to avoid as much as possible downloading files from links in YouTube descriptions or from unknown sites.

Source: BleepingComputer

