Massive campaign uses YouTube to push password-stealing malware


Level 37
Feb 4, 2016
Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers.
Password-stealing trojans are malware that quietly runs on a computer while stealing passwords, screenshots of active windows, cookies, credit cards stored in browsers, FTP credentials, and arbitrary files chosen by the threat actors.
When installed, the malware communicates with a Command & Control server, where it waits for commands from the attacker, which could include running additional malware.

Malicious YouTube videos gone wild

Threat actors have long used YouTube videos as a way to distribute malware through embedded links in video descriptions.
However, this week Cluster25 security researcher Frost told BleepingComputer that there has been a significant uptick in malware campaigns on YouTube pushing various password-stealing trojans.

Andy Ful

From Hard_Configurator Tools
Dec 23, 2014
It contains a well-known social engineering trick:
  1. Offer for free something that is not free.
  2. The fooled user is going to infect himself.
  3. The malware will steal users' online credentials and use them to propagate over the Internet.
The attacks start with the threat actors creating numerous YouTube channels filled with videos about software cracks, licenses, how-to guides, cryptocurrency, mining, game cheats, VPN software, and pretty much any other popular category.

The threat actors have thousands of new channels available because they infect new clients every day. As part of these attacks, they steal victims' Google credentials, which are then used to create new YouTube videos to distribute the malware.