Hackers are spreading malware through YouTube channels promoting game cheats


WTF?! Gamers looking to download cheats and cracks should beware of links in YouTube video descriptions. Hackers may have compromised the channels hosting the videos, turning them into vectors for spreading malware that can steal login credentials.

A new report from Kaspersky describes a malware campaign targeting gamers through YouTube. The malware can steal various kinds of credentials from a victim’s system, then use them to trick more users. In March 2020, Kaspersky discovered a trojan that bundles together multiple malicious programs that hackers used to spread through spam e-mails or third-party loaders.

Once activated, the payload also known as RedLine can steal data from Chrome, Firefox and Chromium-based browsers, including autofill information, usernames, passwords, cookies, and banking credentials. It could also steal information from crypto wallets, instant messaging software, FTP, SSH, and VPN clients. Furthermore, the malware could open links in the system’s default browser to download and open programs.

From there, the malware can propagate using an even more elaborate scheme. It downloads videos onto a victim’s machine advertising cheats and cracks for many popular PC games, then uploading them to the victim’s YouTube channel. The descriptions for the uploaded videos contain links purporting to lead to the advertised hacks, but instead, they lead to the trojan that uploaded the videos.

The videos mention games including Final Fantasy XIV, Forza, Lego Star Wars, Rust, Spider-Man, Stray, VRChat, DayZ, F1 22, Farming Simulator, and more.

YouTube has already shut down the compromised channels, but users should watch out for suspicious links on the site in case this propagation method becomes more popular in the future.

The payload also contains crypto mining software. Gamers are more likely to have powerful GPUs installed which can mine crypto. Fortunately, after this year’s crypto crash and Ethereum’s “merge,” it’s far less likely that hackers will continue to seek graphics cards to mine since it’s become less profitable, so perhaps this may become one less security threat to worry about.

Users looking to actively defend against this malware, or who think they may already have been targeted, should know that the RedLine trojan contains files named as follows: Makisekurisu.exe, cool.exe, AutoRun.exe, download.exe, and upload.exe. AutoRun copies itself into the directory %APPDATA%MicrosoftWindowsStart MenuProgramsStartup, causing it to run every time Windows starts.



Source link

Related articles

Professional Sees 80% Likelihood Of September Charge Minimize—What It Means For Crypto

Trusted Editorial content material, reviewed by main business consultants and seasoned editors. Advert Disclosure The Bitcoin and the crypto market witnessed important volatility on Friday, August 22, rallying arduous on the again of the...

Understanding EA Restoration Mechanisms: The Skilled Method – My Buying and selling – 24 August 2025

Let's deal with the elephant within the buying and selling room. You have seen the warnings: "Keep away from martingale EAs in any...

Notion’s offline mode may simply make me ditch Obsidian

Dhruv Bhutani / Android AuthorityNotion is considered one of my favourite instruments. From databases to to-do lists, monitoring eating places I wished to take a look at, and a lot extra, I’ve dabbled...

Ben Graham’s Folly: The Inventory Market Is By no means A Voting Machine (SPX)

This text was written byObserveJames A. Kostohryz has 20+ years of expertise as a world funding skilled. He has labored as an analyst at one of many world's largest asset administration corporations overlaying...
spot_img

Latest articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

WP2Social Auto Publish Powered By : XYZScripts.com