These YouTube gaming videos are spreading malware
Self-seeding malware spreading through malicious YouTube videos
A newly discovered malicious campaign that distributes the RedLine Stealer infostealer comes with a very interesting self-propagation mechanism, researchers have found.
Cybersecurity experts from Kaspersky uncovered new malware that logs into the YouTube accounts of compromised users and uploads a video to their channel, which distributes RedLine Infostealer.
A victim, ideally a PC gamer, finds a YouTube video advertising cracks or cheats for one of their favorite games: FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, or Spider-Man. The video’s description contains links that claim to lead to those cracks and cheats but in fact deliver several pieces of malware bundled together.
Cryptojackers, infostealers
In the bundle is RedLine Stealer, one of the most popular infostealers nowadays, capable of stealing passwords stored in people’s browsers, cookies, credit card details, instant messaging conversations, and cryptocurrency wallets.
The bundle also holds a cryptojacker, essentially a cryptocurrency miner that uses the computing power of the compromised endpoint to mine cryptocurrency for the attackers. Mining usually requires significant GPU power, something most gamers have.
But perhaps most interestingly, the bundle has three malicious executables, used for self-propagation. These are called “MakiseKurisu.exe”, “download.exe”, and “upload.exe”. MakiseKurisu is an infostealer that grabs browser cookies and stores them locally.
Then, download.exe grabs the fake crack video from a GitHub repository and hands it over to upload.exe, which logs in to the victim’s YouTube account with the stolen cookies and uploads the video there.
If the victim isn’t an avid YouTube user, or has notifications turned off, there is a good chance the malicious video could sit on their YouTube channel for a long time, before being taken down.
“When the video is successfully uploaded to YouTube, upload.exe sends a message to Discord with a link to the uploaded video,” Kaspersky explains.
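The chain described above (cookie theft, a download from GitHub, an upload to YouTube, then a Discord notification) is a pattern a defender can correlate in endpoint telemetry. The following is an added detection sketch, not code from Kaspersky or from the campaign: it correlates constructed process and outbound-connection events per host, using the three executable names reported in the article; the destination domains are assumptions derived from the described behaviour.

```python
from collections import defaultdict

# Executable names come from the article; the destination domains are assumptions
# derived from the described behaviour (GitHub download, YouTube upload, Discord notice).
PROPAGATION_EXES = {"makisekurisu.exe", "download.exe", "upload.exe"}
DOWNLOAD_DOMAIN = "github.com"
UPLOAD_DOMAIN = "youtube.com"
NOTIFY_DOMAIN = "discord.com"


def _reaches(domains, suffix):
    """True if any observed destination is the domain itself or one of its subdomains."""
    return any(d == suffix or d.endswith("." + suffix) for d in domains)


def analyse(events):
    """Correlate events per host. Each event has 'host', 'image' (full path) and,
    for network events, 'dest' (domain contacted). Returns per host: which of the
    three executables ran, whether the full download -> upload chain was seen
    ('alert'), and whether the Discord notification step was also observed."""
    seen = defaultdict(lambda: {"exes": set(), "dests": defaultdict(set)})
    for ev in events:
        image = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image not in PROPAGATION_EXES:
            continue  # unrelated process; ignore
        rec = seen[ev["host"]]
        rec["exes"].add(image)
        if ev.get("dest"):
            rec["dests"][image].add(ev["dest"].lower())

    report = {}
    for host, rec in seen.items():
        chain = (rec["exes"] == PROPAGATION_EXES
                 and _reaches(rec["dests"]["download.exe"], DOWNLOAD_DOMAIN)
                 and _reaches(rec["dests"]["upload.exe"], UPLOAD_DOMAIN))
        report[host] = {
            "exes": sorted(rec["exes"]),
            "alert": chain,
            "discord_notify": _reaches(rec["dests"]["upload.exe"], NOTIFY_DOMAIN),
        }
    return report


# Constructed sample telemetry (not real logs): one infected gaming PC and one host
# where an unrelated binary merely happens to be called download.exe.
SAMPLE_EVENTS = [
    {"host": "gamer-pc", "image": r"C:\Users\gamer\AppData\Local\Temp\MakiseKurisu.exe"},
    {"host": "gamer-pc", "image": r"C:\Users\gamer\AppData\Local\Temp\download.exe", "dest": "github.com"},
    {"host": "gamer-pc", "image": r"C:\Users\gamer\AppData\Local\Temp\upload.exe", "dest": "www.youtube.com"},
    {"host": "gamer-pc", "image": r"C:\Users\gamer\AppData\Local\Temp\upload.exe", "dest": "discord.com"},
    {"host": "office-pc", "image": r"C:\Tools\download.exe", "dest": "updates.example.net"},
]
```

Running `analyse(SAMPLE_EVENTS)` flags only gamer-pc; the office host with a lone, similarly named binary and no matching destinations is not alerted on, which is the false-positive case a name-only rule would miss.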
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.