YouTube video game ‘hacks’ contain links to malware


Proofpoint has warned home computer users not to fall for a new campaign designed to trick them into clicking on malicious links in YouTube video descriptions.

The security vendor detected infostealer malware, including Vidar, StealC, and Lumma Stealer, distributed through the platform. It was disguised as pirated software and video game cracks and bundled with legitimate-looking content.

“The videos claim to show an end user how to download software or upgrade video games for free, but the link in the video descriptions leads to malware,” Proofpoint explained.

“Many accounts hosting malicious videos appear to have been compromised or acquired from legitimate users, but researchers also observed accounts likely created and controlled by actors, which are active for only a few hours and created exclusively to distribute malicious software.”


The vendor informed YouTube of more than two dozen accounts and videos designed to spread malware in this way, which the video platform giant then removed.

Many games used as lures were deliberately chosen because they are popular with children, Proofpoint said, indicating that threat actors are trying to trick those who are less likely to follow online safety best practices.

It’s possible that they also used automated bots to inflate the view counts of these videos, making them appear more legitimate.

MediaFire and Discord links were commonly used to connect victims to infostealer malware, Proofpoint added.

The campaign features “multiple distinct groups of activity” and Proofpoint was unable to trace the activity to any single specific threat group.

“The techniques used are similar, however, including using video descriptions to host URLs leading to malicious payloads and providing instructions on disabling antivirus, as well as using files of similar sizes with bloat to try to circumvent detections,” it concluded.

“Based on the similarities between video content, payload delivery, and deception methods, Proofpoint believes that actors are systematically targeting non-professional users.”
