Saturday, July 20, 2024

Beware!! Hackers Distributing Spyware via Comments Section of YouTube Videos and Spy Your Windows PC

Newly discovered a powerful spyware distributed via YouTube Videos comments sections and the spyware is capable of steal files and other confidential information from infected devices.

A Malicious Link that distributed via YouTube comments focusing on a computer game called cheats and trainers related videos that make easier to play the computer games.

Cybercriminal generates a malicious link that pointed to Yandex and leaving comments to videos with a link using fake accounts. Also, these malicious links are distributed through Twitter as well.

This Spyware discovered as Trojan.PWS.Stealer.23012 that was written in Python and transformed into an executable file using py2exe.

Cyber criminal are distributing this Spyware using Telegram channel where they are trying to touch with Channel administrator and invited them to write a post on a new program which is developed by them and suggested testing it.

Spyware Infection Operation via YouTube Videos

Once it completes the infection process, it scans all the infected disk searching for saved passwords and cookies files of Chromium-based browsers.

Also, a new version of this trojan steals information from Telegram, FileZilla FTP client, later it archived all the collected data that will be stored in  Yandex.Disk.

This Spyware Performing some modification and perform other malicious activities such as steals passwords and cookies files from Google Chrome, Opera, Yandex. Browser, Vivaldi, Kometa, Orbitum, Comodo, Amigo and Torch.

It Also attempts to access the Telegram account by copies the SSFN files from the config subfolder and it creates a copy of the images and documents which is stored in Desktop.

Finally, all the information packed and stored on to the cloud storage called pCloud and the attacker will gain the access those stolen files later.

Another Module that was Written in script language Autoit Drops 4 Malicious files

  • app.exe
  • scanner.exe
  • cloud.exe
  • w9xpopen.exe

According to DeWeb, It steals confidential information from infected devices. All the other Trojan components are written in Go. One of them scans discs searching for folders where browsers are installed, and another one packs stolen data into archives and loads them onto the pCloud storage.

The researcher also identified the Author is this Spyware and he was actively spreading it with the name of “Yenot Pogromist” and he sells it on the popular website.

The creator of spyware also has a YouTube channel dedicated to developing malicious software and has his own GitHub page where he posts the source code of his malicious programs.

The creator of spyware also has a YouTube channel dedicated to developing malicious software and has his own GitHub page where he posts the source code of his malicious programs. DrWeb Said.


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles