Researchers have found a malicious campaign exploiting seemingly legit YouTube accounts. The campaign involves uploading pirated software videos on YouTube, which actually redirect users to malicious links delivering three pieces of malware simultaneously.
Pirated Software Videos On YouTube Make Users Install Three Different Malware
According to a recent report from FortiGuard Labs, their researchers have discovered an ongoing malicious campaign exploiting YouTube. As observed, the threat actors behind this campaign deliver three pieces of malware to victim machines by tricking users into downloading them via falsified YouTube videos that claim to show how to download pirated software.
The concept isn't new, as previous reports already exist about YouTube videos being exploited to spread malware. What's peculiar about this campaign, however, is the delivery of three types of malware: a cryptominer (XMRig), a data stealer (Vidar stealer), and a clipboard hijacker (Laplas clipper).
According to Fortinet, the videos spreading this malware, as expected, do not include any malicious scripts themselves. Instead, they simply demonstrate the steps, apparently to download the cracked software, while tricking the users into downloading the malware. The videos use the names of various popular subscription-based software, such as Adobe Acrobat, which users often seek to get for free.
Nonetheless, a keen user may not fall victim to these videos as they usually display irrelevant static images.
Still, the campaign seemingly puts more effort into achieving credibility, as the malicious videos often appear on legit accounts. As observed, many such YouTube accounts boast huge numbers of followers (even millions). After being uploaded in batches (over several hours), the videos would disappear from one account and appear on another. This indicates that the attackers may have hacked those YouTube accounts to trick users.
Moreover, the campaign strives to escape attention by attempting to deliver the promised service – the cracked software – too. For this, alongside the three malicious executables that remain invisible to the user, the campaign also delivers a visible executable that serves as the crack downloader.
Stay Wary Of Malware, Even On YouTube
YouTube is a trusted platform, and the videos uploaded there, despite being from unofficial users, often display legitimate ways to resolve public issues, like downloading cracked tools. Yet, this malicious campaign shows how this trusted platform can also cause harm in sneaky ways.
Therefore, users must remain vigilant when following such videos. Essentially, users must avoid blindly following instructions without verifying the viability of the procedures shown in a video. Similarly, users must secure their devices with robust antimalware solutions to immediately repel any potential malware intrusions.