Hackers are spreading malware through YouTube channels promoting game cheats


WTF?! Gamers looking to download cheats and cracks should beware of links in YouTube video descriptions. Hackers may have compromised the channels hosting the videos, turning them into vectors for spreading malware that can steal login credentials.

A new report from Kaspersky describes a malware campaign targeting gamers through YouTube. The malware can steal various kinds of credentials from a victim’s system, then use them to trick more users. In March 2020, Kaspersky discovered a trojan that bundles together multiple malicious programs that hackers used to spread through spam e-mails or third-party loaders.

Once activated, the payload also known as RedLine can steal data from Chrome, Firefox and Chromium-based browsers, including autofill information, usernames, passwords, cookies, and banking credentials. It could also steal information from crypto wallets, instant messaging software, FTP, SSH, and VPN clients. Furthermore, the malware could open links in the system’s default browser to download and open programs.

From there, the malware can propagate using an even more elaborate scheme. It downloads videos onto a victim’s machine advertising cheats and cracks for many popular PC games, then uploading them to the victim’s YouTube channel. The descriptions for the uploaded videos contain links purporting to lead to the advertised hacks, but instead, they lead to the trojan that uploaded the videos.

The videos mention games including Final Fantasy XIV, Forza, Lego Star Wars, Rust, Spider-Man, Stray, VRChat, DayZ, F1 22, Farming Simulator, and more.

YouTube has already shut down the compromised channels, but users should watch out for suspicious links on the site in case this propagation method becomes more popular in the future.

The payload also contains crypto mining software. Gamers are more likely to have powerful GPUs installed which can mine crypto. Fortunately, after this year’s crypto crash and Ethereum’s “merge,” it’s far less likely that hackers will continue to seek graphics cards to mine since it’s become less profitable, so perhaps this may become one less security threat to worry about.

Users looking to actively defend against this malware, or who think they may already have been targeted, should know that the RedLine trojan contains files named as follows: Makisekurisu.exe, cool.exe, AutoRun.exe, download.exe, and upload.exe. AutoRun copies itself into the directory %APPDATA%MicrosoftWindowsStart MenuProgramsStartup, causing it to run every time Windows starts.



Source link

Related articles

Case Research: How JCPenney Scaled its B2B Resale Program

Managing returned stock throughout a number of areas isn't...

Astronomers Discovered the First Ambiance on a Planet in One other Star’s Liveable Zone

The seek for life past Earth has borne little fruit. That continues to be true, however scientists have some renewed hope. For the primary time, astronomers found an environment surrounding an exoplanet inside...

Friday File: Two Healthcare Buys

Inflation softened a bit in June, in the course of the “peace is breaking out” lull within the struggle, so these CPI numbers got here in as considerably encouraging this week… and the...

Alpha Futures Splits from NinjaTrader; Plus500 Shares Tumble

The week was marked by rising scrutiny of the retail prop buying and selling {industry} after a business dispute between a platform supplier and one of its shoppers sparked broader debate about infrastructure dependence and operational...

Galaxy Z Fold 8 reveals up on video as BTS joins Samsung’s hype prepare

TL;DR A member of the favored boy band group BTS just lately shared a video teasing one among Samsung’s upcoming foldables. The foldable in query seems to be the Galaxy Z Fold 8. The Galaxy Z...
spot_img

Latest articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

WP2Social Auto Publish Powered By : XYZScripts.com