Threat actors have traditionally exploited embedded links in video descriptions to deliver malware via YouTube videos. According to Frost, a security researcher, there has been a significant increase in malware campaigns on YouTube promoting various password-stealing Trojans, and widespread malware operations are using this technique to distribute them to unsuspecting users.
Attackers are using thousands of videos and channels to target users. They are promoting RedLine malware and Raccoon Stealer, which can steal Google account credentials; the stolen accounts are then used to launch new channels that promote the malware.
Once installed, the malware communicates with a command-and-control (C2) server and waits for the attacker to issue commands, which may include the execution of new malware.
The malware will scan all installed browsers as well as the computer for cryptocurrency wallets, credit cards, passwords, and other sensitive information before sending it back to the attacker.
Google responded: “We are aware of this campaign and are currently taking action to block activity by this threat actor and flagging all links to Safe Browsing.”
These malware attacks demonstrate the importance of downloading programs only from trusted websites. Double-check the credibility of a site before downloading any kind of application from it.