A few months ago, we told you about YouTube videos whose descriptions actually hide malware. The strategy is as simple as it is formidable: post videos promoting alleged cheat software for Valorant and trick inattentive gamers into downloading the malware. Terribly effective, but with one limitation: the hackers had to manually take control of a YouTube channel and post the video there.
A few months later, the method appears to have evolved considerably. This is what a new investigation by Kaspersky reveals, which first points to the growing ambitions of the hackers. Formerly focused on Valorant, they are now extending their operations to players of FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, and even Marvel’s Spider-Man.
They hack YouTube channels to automatically spread their malware
The malware hidden in the descriptions is always the same, namely RedLine, a particularly dangerous stealer that can exfiltrate a great deal of confidential information, such as passwords, bank details, browser cookies and private conversations. It is also very popular with cybercriminals, since it is currently bundled with many cracked software packages.
Note that the hackers have since taken the opportunity to add a cryptocurrency miner that hijacks the victim’s graphics card. But that is not Kaspersky’s most disturbing discovery. RedLine now spreads to YouTube automatically, without the hackers having to intervene at all. To achieve this, they have added three executable files to their package.
The first, named MakiseKurisu, is responsible for stealing the passwords of the victim who downloaded the malware, in the hope of finding the credentials of a YouTube channel. The second, download.exe, downloads a copy of the video promoting the fake cheat software or cracked game. Finally, upload.exe posts this video on the freshly hacked YouTube channel, thus triggering a new cycle.