Sunday, September 8, 2024
HomeCyber AttackThreat Actors Deliver Malware Using AI-Generated Youtube Videos

Threat Actors Deliver Malware Using AI-Generated Youtube Videos

Published on

The cybersecurity analysts at CloudSEK recently asserted that monthly YouTube videos containing links to stealer malware, such as Vidar, RedLine, and Raccoon, have increased by 200-300% since November 2022.

These videos are supposed to be tutorials; however, it has been reported that they are instructions on getting pirated versions of licensed software, such as:-

  • Adobe Photoshop
  • Premiere Pro
  • Autodesk 3ds Max
  • AutoCAD

This software can only be acquired by paying, but threat actors claim to provide the proper instructional guide to obtain them for free in these videos.

- Advertisement - EHA

According to the report shared by CloudSEK to cybersecuritynews.com, hackers are using YouTube video links to spread malware. A common technique used by cyber criminals is to post a video that appears to be legitimate but contains a malicious link in the description or within the video itself.

Information Stealer Ecosystem

Infostealer is specifically designed to steal sensitive information from the target computer. For example, it can steal passwords, credit card numbers, bank account numbers, and other sensitive information from the target system.

The intruder installs the info stealer system onto the computer. Once it is activated, it steals information from the computer and uploads it to the attacker’s command and control (C&C) server.

Here below, we have mentioned all data that are being targeted by the attackers from the victim’s system:

  • Passwords
  • Cookies
  • Extension data
  • Auto-fills
  • Credit card details
  • Debit card details
  • Crypto wallet data 
  • Crypto wallet credentials
  • Telegram data 
  • Telegram credentials
  • .txt files
  • Excel sheets
  • PowerPoint presentations
  • IP address
  • Malware path (Redline and Vidar only)
  • Timezone
  • Location
  • System specifications

Distributing malware via Youtube

Youtube is a popular platform for attackers to reach millions of users easily. It is still difficult for threat actors to maintain long-term active accounts on the platform due to the platform’s regulations and the review process.

It is common for the video to be removed and the account to be banned as soon as there appear to be a few users affected by the video.

In order to circumvent the platform’s algorithm and review process, threat actors are always looking for new ways to get around the algorithm.

Taking Over Popular & Less Popular Accounts

As a means of reaching a large audience in a short period of time, threat actors target popular accounts that have 100K or more subscribers.

In such a case, YouTubers should inform Youtube of the account thief, and they should be able to access their accounts within a few hours after they report them. But there is a possibility that hundreds of users could have fallen victim to this scam within a few hours.

In contrast, the average user, who does not upload videos on a regular basis on YouTube, may not even realize that their account has been taken over for a significant time as they do not upload videos regularly. 

Threat actors target these accounts despite the fact that their reach is limited, as videos uploaded to them remain available for extended periods of time.

Automated & Frequent Video Uploads

Security researchers have thoroughly investigated the frequency of uploading videos containing malicious links for crack software to Youtube. They have found that 5-10 such videos are posted every hour.

Regularly adding videos to the site helps to make up for the videos that are deleted or taken down. In addition, they ensure that the malicious videos will be accessible at any given time if a user searches for a tutorial on how to download cracked software.

Using Region-Specific Tags, Obfuscated Links, Fake Comments, and AI-Generated Videos

In order to deceive the YouTube algorithm, threat actors add a wealth of tags to the video that will make sure it appears as a top result and will deceive the YouTube algorithm into recommending the video to the user.

As a way of making their video look like a legitimate one, the threat actors also use fake comments and Region-Specific Tags.

Video featuring humans, especially those with certain facial features, undeniably gives viewers a sense of familiarity and trustworthiness. That’s why the threat actors use AI-Generated videos as well as obfuscated links.

Recommendations

As a result of the vast increase in threats to organizations, it is imperative to keep them protected. There has been a consensus among security experts that organizations need to adopt the following things:-

  • Robust threat monitoring practice to be more secure.
  • Make sure to closely monitor the changing Tactics, Techniques, and Procedures used by the threat actors.
  • Awareness campaigns must be conducted.
  • Ensure that users are equipped with the knowledge to identify potential threats in advance.
  • Make sure to use complex passwords and not use any user passwords.
  • Use a robust security system and AV tool.
  • Ensure that two-factor authentication is enabled.

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...