Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a persistent campaign where attackers distribute proxyware malware through fake YouTube video download pages.
This operation, which mimics legitimate video downloading services, tricks users into installing malicious executables disguised as benign tools like WinMemoryCleaner.
The attackers leverage GitHub for malware hosting, a tactic consistent with prior incidents, leading to widespread infections particularly in South Korea.
By exploiting user searches for YouTube content, the malware propagates via pop-up ads or direct download links that appear at random, ensuring a stealthy infection chain that evades casual detection.
Proxyware Malware Poses as YouTube Video Download Site, Delivering Malicious JavaScript
gbhackers.com