Malware Distribution via YouTube Videos Up 300%

AI-Generated YouTube videos contain links to information-stealing malware such as Vidar, RedLine, and Raccoon.

March 14, 2023

An Increasing Number of YouTube Videos are Distributing Malware

Cybersecurity researchers at Cloudsek discovered that the number of AI-generated YouTube videos containing links to malware has surged by 200-300% month-on-month.

Cloudsek used November 2022 as its baseline month; since then, AI-generated videos from Synthesia and D-ID that pose as walkthroughs for downloading and installing cracked software, including but not limited to Photoshop, Premiere Pro, Autodesk 3ds Max and AutoCAD, have exploded.

However, these videos contain links to information-stealing malware, also known as infostealers, such as Vidar, RedLine, and Raccoon. The links are obfuscated with URL shorteners (telegra.ph, bit.ly and cutt.ly being the most prominent), hosted on legitimate file-sharing platforms such as mediafire.com, or point directly to a download of the malicious zip file.
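As an added illustration (not code from the article or from Cloudsek), the following helper triages a video description for the three delivery patterns described above: shortener links, file-host links and direct archive downloads. The sample description, domain lists and bait keywords are constructed for this example and are not exhaustive.

```python
# Added example: flag the link patterns the article describes in a YouTube
# video description. Domain lists are illustrative, not exhaustive.
import re
from urllib.parse import urlparse

SHORTENERS = {"telegra.ph", "bit.ly", "cutt.ly"}   # named in the article
FILE_HOSTS = {"mediafire.com"}                     # named in the article
ARCHIVE_EXT = (".zip", ".rar", ".7z")              # direct archive downloads
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Cracked-software bait words used as the lure; constructed list.
BAIT_RE = re.compile(r"\b(crack(ed)?|keygen|free download)\b", re.I)


def classify_url(url: str) -> str:
    """Label one URL: shortener, file-host, direct-archive or other."""
    parsed = urlparse(url)
    host = parsed.netloc.lower().split("@")[-1].split(":")[0]
    if host.startswith("www."):
        host = host[4:]
    if host in SHORTENERS:
        return "shortener"
    if host in FILE_HOSTS or host.endswith(tuple("." + h for h in FILE_HOSTS)):
        return "file-host"
    if parsed.path.lower().endswith(ARCHIVE_EXT):
        return "direct-archive"
    return "other"


def triage_description(text: str) -> dict:
    """Return per-URL labels, whether bait wording is present, and a verdict."""
    labels = {u: classify_url(u) for u in URL_RE.findall(text)}
    suspicious = [u for u, label in labels.items() if label != "other"]
    bait = BAIT_RE.search(text) is not None
    if suspicious and bait:
        verdict = "suspicious"      # lure wording plus a risky delivery link
    elif suspicious:
        verdict = "review"          # risky link shape but no lure wording
    else:
        verdict = "clean"
    return {"labels": labels, "bait": bait, "verdict": verdict}


# Constructed sample description in the style the article describes.
SAMPLE = """Photoshop 2023 FREE crack - full walkthrough
Download: https://bit.ly/3xample
Mirror: https://www.mediafire.com/file/abc123/setup.zip
Password in the video. Subscribe!"""

if __name__ == "__main__":
    print(triage_description(SAMPLE))
```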

“It is well known that videos featuring humans, especially those with certain facial features, appear more familiar and trustworthy,” Cloudsek researchers noted. “Hence, there has been a recent trend of videos featuring AI-generated personas, across languages and platforms (Twitter, YouTube, Instagram), providing recruitment details, educational training, promotional material, etc. And threat actors have also now adopted this tactic.”

YouTube, one of the most popular social media platforms and the most popular video-sharing platform (2.6 billion+ monthly active users), can be a bountiful avenue for threat actors to find victims. Cloudsek noted that because YouTube regularly reviews reported videos and bans the accounts behind them, it is difficult for threat actors to keep accounts active for long.

Cloudsek researchers added that cybercriminals usually target YouTube accounts with 100K+ subscribers, borrowing their credibility to reach those subscribers with malicious videos. Before a video is flagged as a risk, hundreds of users can potentially fall prey to the malware.

[Figure: Targeted YouTube Accounts With Infostealers | Source: Cloudsek]


Additionally, five to ten video tutorials on downloading cracked software, with links to infostealers, are uploaded every hour. The idea is that even if YouTube identifies and takes down earlier videos, an unreported video is always ready to serve the threat actors' purpose.

As an extra step, the attackers also use fake accounts to post comments claiming that the video's contents (and the malicious links) worked for them.

Moreover, the attackers are also leveraging search engine optimization (SEO) to push their videos into top results. “Threat actors add an exhaustive list of tags that will deceive the YouTube algorithm to recommend the video and ensure it appears as one of the top results. While the tags include keywords relevant to the software, they also include random keywords in different languages,” Cloudsek said.

A simple mitigation is to refrain from downloading pirated software. Users can also enable multi-factor authentication and avoid following unknown links.


Image source: Shutterstock


Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis

An earnest copywriter at heart, Sumeet is what you'd call a jack of all trades, rather techs. A self-proclaimed 'half-engineer', he dropped out of Computer Engineering to answer his creative calling pertaining to all things digital. He now writes what techies engineer. As a technology editor and writer for News and Feature articles on Spiceworks (formerly Toolbox), Sumeet covers a broad range of topics from cybersecurity, cloud, AI, emerging tech innovation, hardware, semiconductors, et al. Sumeet compounds his geopolitical interests with cartophilia and antiquarianism, not to mention the economics of current world affairs. He bleeds Blue for Chelsea and Team India! To share quotes or your inputs for stories, please get in touch on sumeet_wadhwani@swzd.com