Games as bait: How hackers use YouTube to spread viruses

Despite the best efforts of YouTube, scammers manage to conduct a cunning campaign.

Cybersecurity company Proofpoint reports that hackers distribute malware through YouTube channels that promote hacked video games. Cybercriminals place links in the video descriptions to sites that deliver the Vidar, StealC, and Lumma Stealer infostealers.

Scammers use compromised accounts of real users. Accounts were also found that were active for only a few hours and had been created exclusively to distribute malware.

Proofpoint expressed concern that the scammers' actions may affect children and adolescents, who often lack experience in recognizing potentially malicious content and may be more likely to interact with it. Of particular concern, the campaign is likely to affect users who play games on their home computers, which contain a large amount of personal and confidential information.

YouTube has already removed more than 24 accounts and malicious videos. A YouTube representative said that the platform has policies that prohibit users from posting content that violates YouTube's rules, including malware, in descriptions.

The malware was mainly distributed through links to the MediaFire file hosting service, but in some cases links to Discord channels were used, which offered disguised malware for download.


Links to download malware in the video description

In one example, an account with 113,000 subscribers was compromised or sold to an attacker who started using it for malicious purposes. Previously, the account posted videos in Thai and was inactive for about a year, after which 12 new videos in English related to video games or software hacking were posted within 24 hours.


The channel in Thai was used to distribute infostealers
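The takeover pattern described above (a long silence, a burst of uploads within 24 hours, a change of language, and MediaFire or Discord links in the descriptions) can be checked against a channel's upload history. The following is an added example, not code from Proofpoint or YouTube; the function names, thresholds and sample data are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Hosts named in the report as delivery points; extend from your own intelligence.
LINK_HOSTS = re.compile(r"https?://(?:www\.)?(?:mediafire\.com|discord\.gg|discord\.com)/", re.I)

def score_channel(videos, dormancy=timedelta(days=300),
                  window=timedelta(hours=24), burst_min=5):
    """Return the list of takeover signals seen in a channel's upload history.

    videos: dicts with "published" (datetime), "lang" and "description".
    Thresholds are assumptions for illustration, not values from the report.
    """
    vids = sorted(videos, key=lambda v: v["published"])
    gaps = [(b["published"] - a["published"], i + 1)
            for i, (a, b) in enumerate(zip(vids, vids[1:]))]
    if not gaps or max(gaps)[0] < dormancy:
        return []                      # no long silence, nothing to compare
    resume = max(gaps)[1]              # index of first upload after the silence
    before, after = vids[:resume], vids[resume:]
    start = after[0]["published"]
    burst = [v for v in after if v["published"] - start <= window]
    signals = ["dormant_then_active"]
    if len(burst) >= burst_min:
        signals.append("upload_burst")
    if {v["lang"] for v in burst}.isdisjoint(v["lang"] for v in before):
        signals.append("language_switch")
    if any(LINK_HOSTS.search(v["description"]) for v in burst):
        signals.append("file_host_link")
    return signals

def constructed_samples():
    """Constructed upload histories: one matching the described pattern, one benign."""
    old = datetime(2023, 1, 1)
    back = old + timedelta(days=370)
    taken_over = [{"published": old + timedelta(days=7 * i), "lang": "th",
                   "description": "weekly vlog"} for i in range(4)]
    taken_over += [{"published": back + timedelta(hours=2 * i), "lang": "en",
                    "description": "Download: https://www.mediafire.com/file/CONSTRUCTED/setup.rar"}
                   for i in range(12)]
    benign = [{"published": old + timedelta(days=30 * i), "lang": "en",
               "description": "patch notes: https://example.com/notes"} for i in range(14)]
    return taken_over, benign

if __name__ == "__main__":
    for name, vids in zip(("taken_over", "benign"), constructed_samples()):
        print(name, score_channel(vids))
```

No single signal is conclusive; a channel that shows all four together is a candidate for manual review.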

Proofpoint was unable to identify the hackers behind the campaign and was unable to attribute it to any known group, noting that the activity was divided into several separate clusters.

Thus, hackers target video game players who generally do not have the same resources or knowledge to defend against attacks as corporate users. While most of the compromises described probably won't result in large financial gains, players usually have access to some type of credit card, cryptocurrency, or other personal information that can be traded.
 