AI-generated YouTube Video Tutorials Spreading Infostealer Malware


Level 15
Thread author
Top Poster
Mar 13, 2022
Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.

"The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," CloudSEK researcher Pavan Karthick M said.

Just as the ransomware landscape comprises core developers and affiliates who are in charge of identifying potential targets and actually carrying out the attacks, the information stealer ecosystem also consists of threat actors known as traffers who are recruited to spread the malware using different methods.

One of the popular malware distribution channels is YouTube, with CloudSEK witnessing a 200-300% month-over-month increase in videos containing links to stealer malware in the description section.


Level 28
Top Poster
Feb 7, 2023
A quick example of it. It looks like CozyBear. They came up with fake PirateBay dupes about a year ago that pushed similar inflated samples with crypto-stealing malware as the final payload.

The 1:16/1:26 video repeats a thousand times and always links to these samples.




Level 34
Top Poster
Content Creator
Malware Tester
Sep 2, 2021
I did a quick test and found 2 fake videos of CCleaner Pro containing the RedLine Stealer malware.
I tested with Avast... I was very surprised.



Kaspersky detected only 1 (HEUR:Trojan-Spy.Win32.Stealer.gen), Bitdefender detected both (Lazy and Flagator detection), ESET also saw both (Kryptik detection), and F-Secure also saw both (Avira detection on the 1st, "TR/Crypt.XPACK.Gen", and "Trojan:W32/GenInflated.B" on the 2nd).
The others, like Norton, Malwarebytes, K7 or others, did not see anything.
