According to CloudSEK, YouTube videos with links to stealthy malware like Vidar, RedLine, and Raccoon in their descriptions have been increasing at a staggering rate. Reports suggest that there has been a 200–300% increase month-over-month since November 2022. These malware families are capable of stealing bank account details, credit card numbers, passwords, and other private information.
Here’s How YouTube Viewers Are Fooled By These Videos
These YouTube tutorials trick viewers into downloading pirated copies of popular programs like Photoshop, Premiere Pro, Autodesk 3ds Max, and AutoCAD, which are licensed products available only to paying users. Once installed, the malware begins to steal data from the computer and upload it to the attacker’s command and control server.
How Financial Information Is Stolen Through These Videos
The videos typically use a screen recording or an audio walkthrough of the program's download and installation steps. Regrettably, there has been a significant rise in the use of AI-generated videos made with platforms like Synthesia and D-ID. Videos that feature human subjects, particularly those with certain facial features, seem more trustworthy and familiar. Consequently, there has been a recent trend of videos with AI-generated personas that offer recruitment information, educational training, promotional content, etc., across languages and platforms (Twitter, YouTube, Instagram).
The report goes on to say that cybercriminals hijack existing YouTube accounts by using stolen logs, phishing scams, and past data thefts. The major targets of these fraudsters are intelligent and engaged users (with a significant number of subscribers and uploads) alongside less educated individuals. There have been countless incidents and complaints about breaches of YouTube accounts. Threat actors aim for prominent accounts with 100K+ subscribers in an effort to quickly reach a wide audience. Popular accounts typically notify their subscribers each time a new video is uploaded, and uploading videos to such accounts makes the videos appear more authentic. Such YouTubers will, however, report the account takeover to YouTube and regain control of their accounts within a few hours. Those few hours are nevertheless sufficient for hundreds of innocent users to fall victim, as the hackers typically upload 5-6 videos to the account immediately.