Hackers are spreading malware through YouTube channels promoting game cheats


WTF?! Gamers looking to download cheats and cracks should beware of links in YouTube video descriptions. Hackers may have compromised the channels hosting the videos, turning them into vectors for spreading malware that can steal login credentials.

A new report from Kaspersky describes a malware campaign targeting gamers through YouTube. The malware can steal various kinds of credentials from a victim’s system, then use them to trick more users. In March 2020, Kaspersky discovered a trojan that bundles together multiple malicious programs that hackers used to spread through spam e-mails or third-party loaders.

Once activated, the payload also known as RedLine can steal data from Chrome, Firefox and Chromium-based browsers, including autofill information, usernames, passwords, cookies, and banking credentials. It could also steal information from crypto wallets, instant messaging software, FTP, SSH, and VPN clients. Furthermore, the malware could open links in the system’s default browser to download and open programs.

From there, the malware can propagate using an even more elaborate scheme. It downloads videos onto a victim’s machine advertising cheats and cracks for many popular PC games, then uploading them to the victim’s YouTube channel. The descriptions for the uploaded videos contain links purporting to lead to the advertised hacks, but instead, they lead to the trojan that uploaded the videos.

The videos mention games including Final Fantasy XIV, Forza, Lego Star Wars, Rust, Spider-Man, Stray, VRChat, DayZ, F1 22, Farming Simulator, and more.

YouTube has already shut down the compromised channels, but users should watch out for suspicious links on the site in case this propagation method becomes more popular in the future.

The payload also contains crypto mining software. Gamers are more likely to have powerful GPUs installed which can mine crypto. Fortunately, after this year’s crypto crash and Ethereum’s “merge,” it’s far less likely that hackers will continue to seek graphics cards to mine since it’s become less profitable, so perhaps this may become one less security threat to worry about.

Users looking to actively defend against this malware, or who think they may already have been targeted, should know that the RedLine trojan contains files named as follows: Makisekurisu.exe, cool.exe, AutoRun.exe, download.exe, and upload.exe. AutoRun copies itself into the directory %APPDATA%MicrosoftWindowsStart MenuProgramsStartup, causing it to run every time Windows starts.



Source link

Related articles

Wipro Restricted (WIT) Q1 2027 Press Convention Name Transcript

Nisha ChandrasekaranSupervisor of Exterior Communications Welcome, everybody, to Wipro's First Quarter Earnings Press Convention. For these of us who're becoming a member of nearly, good morning, good afternoon, good night. My...

US assaults on Iran toll on

Simply an replace. Market motion is becomimg a bit jaded with the by no means ending assaults. Supportive for oil and the USD although. Iran media report hits on a minimum of two...

Founders Fund hires former OpenAI exec Ryan Beiermeister (and never due to her Mafia expertise)

Ryan Beiermeister has joined Founders Fund as a accomplice, she introduced on Monday. Beiermeister is well-known in Silicon Valley for numerous causes. For one, previous to this function, she spent about two years...

The EU says Instagram and Fb’s addictive design doubtless breaks its guidelines — and it needs autoplay and infinite scroll off by default

The European Fee stated on 10 July that the design of Instagram and Fb most likely breaks European regulation, in a preliminary discovering that Meta didn't do sufficient to maintain its platforms from...

How AI Impacts The Buyer Service Job Market

We all know that corporations proper now are closely investing in customer support applied sciences with embedded AI capabilities. Firms are utilizing these applied sciences to agentify the way in which that they...
spot_img

Latest articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

WP2Social Auto Publish Powered By : XYZScripts.com