Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers.
Password stealing trojans are malware that quietly runs on a computer while stealing passwords, screenshots of active windows, cookies, credit cards stored in browsers, FTP credentials, and arbitrary files decided by the threat actors.
When installed, the malware will communicate with a Command & Control server, where it waits for commands to execute by the attacker, which could entail the running of additional malware.
Malicious YouTube videos gone wild
Threat actors have
long used YouTube videos as a way to distribute malware through embedded links in video descriptions.
However, this week has
Cluster25 security researcher
Frost told BleepingComputer that there has been a significant uptick in malware campaigns on YouTube pushing various password-stealing Trojans.