AI-generated YouTube Video Tutorials Spreading Infostealer Malware

MuzzMelbourne

Joined Mar 13, 2022
Threat actors have been increasingly observed using AI-generated YouTube videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.

"The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," CloudSEK researcher Pavan Karthick M said.

Just as the ransomware landscape comprises core developers and affiliates who are in charge of identifying potential targets and actually carrying out the attacks, the information stealer ecosystem also consists of threat actors known as traffers who are recruited to spread the malware using different methods.

One of the popular malware distribution channels is YouTube, with CloudSEK witnessing a 200-300% month-over-month increase in videos containing links to stealer malware in the description section.
 

Trident

Joined Feb 7, 2023
A quick example of it. It looks like CozyBear. They came up with fake PirateBay dupes about a year ago that pushed similar inflated samples with crypto stealing malware as final payload.

The 1:16/1:26 video is repeated a thousand times and always links to these samples.

[attached screenshot]

 

Shadowra

Joined Sep 2, 2021
I did a quick test and found 2 fake videos of CCleaner Pro containing the RedLine Stealer malware.
I tested with Avast... I was very surprised.

[attached screenshot]

[attached screenshot, 2023-03-19]

Kaspersky detected only 1 (HEUR:Trojan-Spy.Win32.Stealer.gen), Bitdefender detected both (Lazy and Flagator detection), Eset also saw both (Kryptik detection) and F-Secure also saw both (Avira detection: "TR/Crypt.XPACK.Gen" on the 1st and "Trojan:W32/GenInflated.B" on the 2nd).
The others, like Norton, Malwarebytes and K7, did not see anything.
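Trident's "inflated samples" and the Avira/F-Secure "GenInflated" name in the post above both describe the same trick: a small loader padded with a huge block of junk (usually zero bytes) sitting after the last PE section, so the file lands above the size limits of sandboxes and multi-scanner services that a traffer expects the victim's AV to lean on. The following is an added Python check for that pattern, not code from this thread, from CloudSEK or from any of the vendors named; the 32 MiB / 1.0-bit thresholds, the assumption that padding is low-entropy, and the minimal fake-PE builder used as constructed test input are all mine.

```python
"""Flag 'inflated' executables: a normal PE followed by a huge, near-empty overlay.

Added example. Thresholds and the fake-PE builder are assumptions for the demo,
not anything taken from the thread, CloudSEK or the AV vendors named in it.
"""
import math
import os
import struct
from collections import Counter

MIB = 1 << 20


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a run of one value, ~8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_image_end(data: bytes):
    """Offset just past the last section's raw data (or the section table),
    i.e. where any overlay begins. Returns None if this is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + 20 + opt_size                # first IMAGE_SECTION_HEADER
    end = sect_table + 40 * num_sections
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def analyze_overlay(data: bytes, tail_bytes: int = MIB) -> dict:
    """Size of the overlay and the entropy of its last tail_bytes."""
    end = pe_image_end(data)
    mv = memoryview(data)
    overlay = mv[end:] if end is not None else mv[len(data):]
    tail = bytes(overlay[-tail_bytes:])             # only the tail is scanned
    return {
        "file_size": len(data),
        "overlay_size": len(overlay),
        "overlay_ratio": len(overlay) / len(data) if data else 0.0,
        "tail_entropy": shannon_entropy(tail),
    }


def is_inflated(data: bytes, min_overlay: int = 32 * MIB, max_entropy: float = 1.0) -> bool:
    """Assumed heuristic: a large overlay made almost entirely of one byte value.
    A large high-entropy overlay is normal for installers (embedded archives),
    so it is deliberately not flagged."""
    r = analyze_overlay(data)
    return r["overlay_size"] >= min_overlay and r["tail_entropy"] <= max_entropy


def build_fake_pe(section_bytes: bytes, overlay: bytes) -> bytes:
    """Constructed test input: a minimal PE-shaped blob with one section and no
    optional header. It does not run; it only exercises the parser above."""
    e_lfanew = 0x40
    sect_table = e_lfanew + 4 + 20                   # no optional header
    raw_ptr = sect_table + 40                        # section data follows its header
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(section_bytes), 0x1000, len(section_bytes), raw_ptr,
        0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + section_bytes + overlay


def demo() -> dict:
    """Three constructed samples: clean, zero-padded (inflated), installer-like."""
    code = b"\x90" * 512
    samples = {
        "clean": build_fake_pe(code, b""),
        "zero_padded": build_fake_pe(code, b"\0" * (40 * MIB)),
        "random_overlay": build_fake_pe(code, os.urandom(40 * MIB)),
    }
    return {name: is_inflated(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        print(path, analyze_overlay(blob), "INFLATED" if is_inflated(blob) else "ok")
    if len(sys.argv) == 1:
        print(demo())
```

Run it with one or more file paths to print the overlay statistics and verdict for each, or with no arguments to run the three constructed samples. The entropy gate is what keeps legitimate installers (NSIS, Inno and similar, which carry a large compressed overlay) out of the alert; the flip side is that a loader padded with random rather than zero bytes passes this check, so the overlay ratio is worth logging alongside the verdict rather than trusting the boolean alone.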
 
