Wednesday, April 24, 2024

Beware!! Hackers Distributing Spyware via Comments Section of YouTube Videos and Spy Your Windows PC

Newly discovered a powerful spyware distributed via YouTube Videos comments sections and the spyware is capable of steal files and other confidential information from infected devices.

A Malicious Link that distributed via YouTube comments focusing on a computer game called cheats and trainers related videos that make easier to play the computer games.

Cybercriminal generates a malicious link that pointed to Yandex and leaving comments to videos with a link using fake accounts. Also, these malicious links are distributed through Twitter as well.

This Spyware discovered as Trojan.PWS.Stealer.23012 that was written in Python and transformed into an executable file using py2exe.

Cyber criminal are distributing this Spyware using Telegram channel where they are trying to touch with Channel administrator and invited them to write a post on a new program which is developed by them and suggested testing it.

Spyware Infection Operation via YouTube Videos

Once it completes the infection process, it scans all the infected disk searching for saved passwords and cookies files of Chromium-based browsers.

Also, a new version of this trojan steals information from Telegram, FileZilla FTP client, later it archived all the collected data that will be stored in  Yandex.Disk.

This Spyware Performing some modification and perform other malicious activities such as steals passwords and cookies files from Google Chrome, Opera, Yandex. Browser, Vivaldi, Kometa, Orbitum, Comodo, Amigo and Torch.

It Also attempts to access the Telegram account by copies the SSFN files from the config subfolder and it creates a copy of the images and documents which is stored in Desktop.

Finally, all the information packed and stored on to the cloud storage called pCloud and the attacker will gain the access those stolen files later.

Another Module that was Written in script language Autoit Drops 4 Malicious files

  • app.exe
  • scanner.exe
  • cloud.exe
  • w9xpopen.exe

According to DeWeb, It steals confidential information from infected devices. All the other Trojan components are written in Go. One of them scans discs searching for folders where browsers are installed, and another one packs stolen data into archives and loads them onto the pCloud storage.

The researcher also identified the Author is this Spyware and he was actively spreading it with the name of “Yenot Pogromist” and he sells it on the popular website.

The creator of spyware also has a YouTube channel dedicated to developing malicious software and has his own GitHub page where he posts the source code of his malicious programs.

The creator of spyware also has a YouTube channel dedicated to developing malicious software and has his own GitHub page where he posts the source code of his malicious programs. DrWeb Said.


Latest articles

Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools

AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create...

Multiple MySQL2 Flaw Let Attackers Arbitrary Code Remotely

The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code...

CoralRaider Hacker Evade Antivirus Detections Using Malicious LNK File

This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany,...

Spyroid RAT Attacking Android Users to Steal Confidential Data

A new type of Remote Access Trojan (RAT) named Spyroid has been identified.This...

Researchers Uncover that UK.GOV Websites Sending Data to Chinese Ad Vendor Analysts

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites...

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members...

IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles