YouTube users beware! Numerous malicious videos are spreading password-stealing malware to their viewers in the latest campaign.
This picture taken in Moscow on October 12, 2021 shows the logo of Youtube social media on a smartphone screen
Google's Threat Analysis Group or TAG previously warned its high-profile YouTube creators about a cookie-stealing malware last Oct. 20.
It turns out that threat actors are doing the phishing schemes way back in 2019 with about 15,000 targeting high-profile YouTube creators. What's more, the accounts of the victims are being sold on the dark web for only $3.
YouTube Videos Spread Password Stealing Malware
However, this time around, a security researcher found out that there is a new malware campaign on YouTube, seeing a significant uptick.
The security researcher that goes by the name Frost shared his latest discovery to BleepingComputer, noting that more YouTube videos are targeting its viewers with password-stealing Trojans.
The researcher further disclosed that out of thousands of malicious videos that are being posted on YouTube, the campaign specifically spread two kinds of malware, the Racoon Stealer and RedLine.
The said type of malware secretly makes it into the computer system. Then, it silently mines the personal information of the user in the background, which includes passwords, credit card credentials, cookies, and even screenshots of active windows.
That said, these Trojans could significantly expose the private information of the victim to the threat actors.
YouTube's Latest Phishing Campaign: How it Works
The security researcher went on to explain how the phishing scheme works, noting that the campaign still continues to grow.
Frost further said that the criminal minds start by using the YouTube accounts that they have stolen, which could be related to the earlier warning of Google to high-profile creators. If so, it turns out that threat actors are selling high-profile accounts on the dark web for schemes similar to this.
After which, the criminal minds will produce hundreds of videos using the stolen high-profile YouTube account.
It is worth noting that the malicious content usually talks about how-tos, gaming cheats, cryptocurrencies, and VPN apps.
Aside from the fact that the said topics are interesting to thousands, if not millions, of users, these typically require users to install an app from a link in the description.
However, the link on the description will instead lead to a tool that would install the malware on the computer of the user.
Read Also: Joker Malware Returns--Spyware Has Infected Over 500,000 Huawei Users Through Android Apps in April
YouTube Phishing Scheme: How to Avoid
Now that Frost exposed the scheme of these criminal minds, it just goes to show that downloading apps from a mere link on a YouTube video description needs to be avoided.
If ever a YouTube video shared a software via its description, the best thing to do is to research more about it and download it directly from reputable sources.
In addition, BleepingComputer further suggested in the same report that it would be better to upload the installer to VirusTotal's site to know if it does not plant any password-stealing malware.
Related Article: New GriftHorse Android Trojan Affects 10 Million Mobile Users! Some of the 200 Infected Apps Bypass Google Play Store
This article is owned by Tech Times
Written by Teejay Boris
