YouTube is the largest video streaming platform across the globe and millions of viewers login to its website from their computers to enjoy the massive collection of videos. But not many are aware that YouTube videos can also contain links to malware that can steal your sensitive financial data such as bank account number, CVV and pin.
According to researchers at AI cybersecurity firm CloudSEK, a massive 200-300% spike has been recorded in YouTube videos that contain dangerous banking malware. YouTube is a popular platform with over 2.5 billion active monthly users, making it an easy target for threat actors.
Termed Infostealers, these malware are spread via malicious downloads, fake websites and YouTube tutorials, infiltrate systems and steal information, which is uploaded to the attacker's Command and Control server.
"In a concerning trend, these threat actors are now utilising AI-generated videos to amplify their reach, and YouTube has become a convenient platform for their distribution," said Pavan Karthick, a CloudSEK researcher.
The research showed that 5-10 crack software download videos with malicious links are uploaded to YouTube every hour.
The videos contain deceptive tactics that mislead users into downloading malware, making it challenging for the YouTube algorithm to identify and remove them.
The researchers detected stealer malware such as Vidar, RedLine and Raccoon in YouTube videos from November 2022. These can steal passwords, credit card information, bank account numbers, and other confidential data.
These videos pretend to be tutorials on downloading cracked versions of licensed software, such as Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and others, available only to paid users, said the report.
The threat actors also add fake comments to give legitimacy to the video.
"These comments trick users into believing the malware is legitimate. Moreover, using AI-generated videos featuring personas that appear more familiar and trustworthy is a growing trend among threat actors," the report mentioned. (with inputs from IANS)
No comments:
Post a Comment