AI-generated YouTube Video Tutorials Spreading Infostealer Malware

[MuzzMelbourne]

Content source

https://thehackernews.com/2023/03/warning-ai-generated-youtube-video.html

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.

"The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," CloudSEK researcher Pavan Karthick M said.

Just as the ransomware landscape comprises core developers and affiliates who are in charge of identifying potential targets and actually carrying out the attacks, the information stealer ecosystem also consists of threat actors known as traffers who are recruited to spread the malware using different methods.

One of the popular malware distribution channels is YouTube, with CloudSEK witnessing a 200-300% month-over-month increase in videos containing links to stealer malware in the description section.

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

Threat actors have been using AI-generated YouTube Videos to spread stealer malware such as Raccoon, RedLine, and Vidar.

thehackernews.com

 

[Ink]

It's one of the perks of using pirated software.

 

[Trident]

A quick example of it. It looks like CozyBear. They came up with fake PirateBay dupes about a year ago that pushed similar inflated samples with crypto stealing malware as final payload.

The 1:16/1:26 video repeats thousand times and always links to these samples.

Spoiler: CozyBear

Latest News On Fintech, Blockchain, Crowdfunding & More

Crowdfund Insider is the leading news website covering Fintech including, Blockchain, Crowdfunding, Digital Assets and more.

www.crowdfundinsider.com

 

[Shadowra]

There are also SnakeKeyloggers and LapusClipper used

 

[ForgottenSeer 98186]

It's one of the perks of using pirated software.

"Users want to use stuff"*

* = and then put the blame on everybody else except themselves

 

[Shadowra]

I did a quick test, I found 2 fake videos of Ccleaner Pro containing the RedLine Stealer malware.
I tested with Avast... I was very surprised.

Spoiler: Avast

Kaspersky detected only 1 (HEUR:Trojan-Spy.Win32.Stealer.gen), Bitdefender detected both (Lazy and Flagator detection), Eset also saw both (Kryptik detection) and F-Secure also saw both (Avira detection on the 1st "TR/Crypt.XPACK.Gen" and "Trojan:W32/GenInflated.B" on the 2nd)
The others like Norton, Malwarebytes, K7 or others did not see anything