Saturday, December 2, 2023

Beware!! Hackers Distributing Spyware via Comments Section of YouTube Videos and Spy Your Windows PC

Newly discovered a powerful spyware distributed via YouTube Videos comments sections and the spyware is capable of steal files and other confidential information from infected devices.

A Malicious Link that distributed via YouTube comments focusing on a computer game called cheats and trainers related videos that make easier to play the computer games.

Cybercriminal generates a malicious link that pointed to Yandex and leaving comments to videos with a link using fake accounts. Also, these malicious links are distributed through Twitter as well.

This Spyware discovered as Trojan.PWS.Stealer.23012 that was written in Python and transformed into an executable file using py2exe.

Cyber criminal are distributing this Spyware using Telegram channel where they are trying to touch with Channel administrator and invited them to write a post on a new program which is developed by them and suggested testing it.

Spyware Infection Operation via YouTube Videos

Once it completes the infection process, it scans all the infected disk searching for saved passwords and cookies files of Chromium-based browsers.

Also, a new version of this trojan steals information from Telegram, FileZilla FTP client, later it archived all the collected data that will be stored in  Yandex.Disk.

This Spyware Performing some modification and perform other malicious activities such as steals passwords and cookies files from Google Chrome, Opera, Yandex. Browser, Vivaldi, Kometa, Orbitum, Comodo, Amigo and Torch.

It Also attempts to access the Telegram account by copies the SSFN files from the config subfolder and it creates a copy of the images and documents which is stored in Desktop.

Finally, all the information packed and stored on to the cloud storage called pCloud and the attacker will gain the access those stolen files later.

Another Module that was Written in script language Autoit Drops 4 Malicious files

  • app.exe
  • scanner.exe
  • cloud.exe
  • w9xpopen.exe

According to DeWeb, It steals confidential information from infected devices. All the other Trojan components are written in Go. One of them scans discs searching for folders where browsers are installed, and another one packs stolen data into archives and loads them onto the pCloud storage.

The researcher also identified the Author is this Spyware and he was actively spreading it with the name of “Yenot Pogromist” and he sells it on the popular website.

The creator of spyware also has a YouTube channel dedicated to developing malicious software and has his own GitHub page where he posts the source code of his malicious programs.

The creator of spyware also has a YouTube channel dedicated to developing malicious software and has his own GitHub page where he posts the source code of his malicious programs. DrWeb Said.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles