YouTube has recently seen a surge in the number of videos with harmful links to infostealers in their descriptions, many of which use AI-generated personas to trick viewers into trusting them.
Cyber intelligence firm CloudSEK reports that since November 2022 there has been a 200-300% increase in content uploaded to video hosting sites that tricks viewers into installing well-known infostealers such as Vidar, RedLine and Raccoon.
The videos pose as tutorials showing how to download free cracked copies of popular paid design software such as Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, and AutoCAD.
These tutorial videos have become more sophisticated, moving from screen recordings and audio-only walkthroughs to AI-generated, realistic depictions of people who guide the viewer through the steps.
CloudSEK notes that AI-generated videos are on the rise in general and are used for legitimate educational, recruitment, and promotional purposes, but are now being used for malicious purposes as well.
Infostealers, as the name suggests, infiltrate a user's system and steal valuable personal information such as passwords and payment details. They spread through malicious downloads or links (in this case, the links placed in video descriptions), and the stolen data is then uploaded to the attacker's server.
CloudSEK points out that YouTube, with 2.5 billion monthly users, is a prime target for threat actors, who use a variety of methods to game the platform's algorithms and bypass its automated content review process.
These include using region-specific tags, adding fake comments to make videos look legitimate, and mass-posting videos to replace those that get deleted or banned. CloudSEK found 5-10 such malicious videos being uploaded every hour.
Hidden links are also used for SEO, along with random keywords in different languages so that YouTube's algorithm recommends the videos.
Link-shortening services such as bit.ly and file-hosting services such as MediaFire are used to disguise the malicious destination of the links.
CloudSEK researcher Pavan Karthick said: "... distribution."
"Traditional string-based rules will prove ineffective against malware that dynamically generates strings or uses encrypted strings," CloudSEK said.
Instead, it encourages companies to adopt a more manual approach that closely monitors attacker tactics and techniques in order to identify threats correctly.
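To make the point about string-based rules concrete, here is an added illustration (constructed for this article, not CloudSEK's code and not a real stealer sample) of why a literal signature misses strings that are XOR-encoded on disk or assembled only at runtime, and of two ways a detector can still recover them. The family name, XOR keys and byte layout are all assumptions chosen for the demonstration.

```python
"""
Constructed illustration (not CloudSEK's code, not a real sample): a naive
string signature versus strings that are decrypted or built at runtime.
"""

SIGNATURE = b"RedLine"  # the family name a traditional string rule looks for


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest 'encryption' stealers use for strings."""
    return bytes(b ^ key for b in data)


def build_sample() -> bytes:
    """Stand-in for a stealer binary (assumed layout). Its only family-identifying
    string is stored XOR-encoded with key 0x5A, so it never appears in raw bytes."""
    header = b"MZ\x90\x00" + b"\x00" * 16          # fake PE header padding
    hidden = xor_bytes(b"RedLine C2 panel", 0x5A)   # decoded only at runtime
    return header + hidden + b"\x00" * 16


def static_string_rule(blob: bytes, needle: bytes = SIGNATURE) -> bool:
    """Traditional rule: literal substring search over the file as stored on disk."""
    return needle in blob


def xor_bruteforce_rule(blob: bytes, needle: bytes = SIGNATURE) -> list[int]:
    """Detector improvement: decode the blob under every single-byte XOR key and
    search each result. Returns the keys that reveal the needle ([] = no hit)."""
    return [k for k in range(1, 256) if needle in xor_bytes(blob, k)]


def stack_string_sample() -> list[int]:
    """Second evasion (assumed): the string never exists contiguously on disk.
    Each character is an immediate operand, here also masked with 0x11, that the
    code pushes onto the stack one byte at a time when it runs."""
    return [ord(c) ^ 0x11 for c in "RedLine"]


def strings_seen_at_runtime(immediates: list[int]) -> bytes:
    """Stand-in for memory or behavioural analysis: observe what the code actually
    assembles in memory, then apply the same rule to that buffer."""
    return bytes(v ^ 0x11 for v in immediates)


if __name__ == "__main__":
    sample = build_sample()
    print("static rule on disk image:", static_string_rule(sample))          # False
    print("XOR brute-force keys:", [hex(k) for k in xor_bruteforce_rule(sample)])  # ['0x5a']
    pushed = stack_string_sample()
    print("static rule on stack-string bytes:", static_string_rule(bytes(pushed)))  # False
    print("rule on runtime buffer:", static_string_rule(strings_seen_at_runtime(pushed)))  # True
```

The brute-force pass defeats only the weakest encoding; the stack-string case shows why the article's suggested shift toward watching what the malware actually does (decoded buffers, network behaviour, tactics and techniques) catches what a disk-image signature cannot.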
Additionally, CloudSEK suggests running awareness campaigns and offers simple advice such as not clicking on unknown links and enabling multi-factor authentication on your accounts (ideally using an authenticator app).