Beware of game cheat downloads in YouTube video descriptions
Security researchers have discovered a new malware attack designed to hijack a Windows PC and spread the attack to a victim’s YouTube account via malicious links.
The attack unfolds via bundles of malicious files promoted in YouTube videos, according to the anti-virus provider Kaspersky. The videos claim to offer ways to hack and cheat in several popular games, such as DayZ, Forza Horizon 5, and Dying Light 2, among others.
To access the cheats, the videos prompt the user to download a set of files, usually hosted on the telegra.ph domain or on mediafire.com, via links placed in the video description. In reality, victims download a self-extracting RAR archive that contains a password-stealing program called Redline.
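A simple triage check of the kind a defender might apply to the two indicators described above: links in a video description that point at the named file hosts, and a downloaded executable that carries a RAR archive body (the layout of a self-extracting RAR). This is an added example, not code from the article or from Kaspersky; the sample description and the sample file bytes are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample video description (not taken from a real video).
SAMPLE_DESCRIPTION = """Free aimbot + ESP for DayZ, works 2022!
Download here: https://telegra.ph/dayz-cheat-pack-09-14
Mirror: https://www.mediafire.com/file/abc123/cheat.rar/file
Password: 1234
"""

# File hosts the report names as hosting the malicious archives.
SUSPECT_HOSTS = {"telegra.ph", "mediafire.com"}

# Magic bytes: Windows PE ("MZ") and the RAR 4.x / RAR 5 archive headers.
MZ_MAGIC = b"MZ"
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Constructed stand-in for a self-extracting RAR: PE header bytes, a fake
# extractor stub, then a RAR 5 archive body appended after it.
SAMPLE_SFX = MZ_MAGIC + b"\x90" * 60 + b"fake sfx stub" + RAR5_MAGIC + b"payload"


def suspect_links(description: str) -> list[str]:
    """Return the URLs in a description whose host is one of the file
    hosts named in the report, or a subdomain of one (e.g. www.mediafire.com)."""
    hits = []
    for url in re.findall(r"https?://\S+", description):
        host = (urlparse(url).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in SUSPECT_HOSTS):
            hits.append(url)
    return hits


def is_self_extracting_rar(data: bytes) -> bool:
    """True if the blob starts as a PE executable and contains a RAR
    archive header further in, i.e. the layout of an SFX RAR archive.
    A plain .rar (header at offset 0, no PE stub) is not an SFX."""
    if not data.startswith(MZ_MAGIC):
        return False
    return data.find(RAR4_MAGIC, 2) != -1 or data.find(RAR5_MAGIC, 2) != -1


if __name__ == "__main__":
    print(suspect_links(SAMPLE_DESCRIPTION))
    print(is_self_extracting_rar(SAMPLE_SFX))
```

Legitimate installers are also shipped as self-extracting archives, so the byte check flags a download for closer inspection rather than declaring it malicious.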
“The thief can steal usernames, passwords, cookies, credit card details, and autofill data from Chromium- and Gecko-based browsers,” Kaspersky researchers warned. Additionally, Redline can allow hackers to hijack a PC to install other programs and execute commands in a browser.
But perhaps the attack’s most interesting ability is how it spreads. Kaspersky noted that several files in the malicious package are also designed to repost the videos to the victim’s YouTube account to spread the attack further.
According to Kaspersky, a program in the malicious bundle called MakiseKurisu.exe is designed to extract cookies from the victim’s browser in order to gain access to the victim’s YouTube account. A pair of other programs then fetch and repost the videos to the victim’s YouTube account in an effort to spread the attack to more users.
The technique highlights how hackers can exploit alleged game cheats to trick unsuspecting users into downloading malware. “Gamers are one of the most popular groups targeted by cybercriminals,” Kaspersky researcher Oleg Kupreev says in the report. “Our advice would be to choose sources carefully to quench your thirst for gaming and not to download suspicious archives from untrusted accounts.”
The attack continues to circulate on several YouTube videos, so watch out for links using telegra.ph or mediafire.com domains.