How hackers are using YouTube videos to trick people into installing malware – Times of India

Clipped from: https://timesofindia.indiatimes.com/gadgets-news/explained-how-hackers-are-using-youtube-videos-to-trick-people-into-installing-malware/articleshow/92720155.cms


The malware being spread through the YouTube videos is called PennyWise. It is capable of stealing many kinds of user data, including system information, login credentials, cookies, encryption keys and master passwords.

Security researchers have recently discovered that cybercriminals are misusing YouTube to spread a potent malware that is capable of stealing all kinds of information from your device. According to a report by TechRadar, researchers from Cyble Research Labs have come across more than 80 such videos, all of which have “relatively few viewers” and belong to the same user.
How do these YouTube videos try to trick victims?
As per the report, these YouTube videos demonstrate how to operate a particular bitcoin mining software in an attempt to convince viewers to download it. The report mentions that the download links can be found in the video’s description and lead to “a password-protected archive, to convince victims of its legitimacy.” Moreover, to make it look more real, the downloaded archive also includes a link to VirusTotal which shows the file as “clean” and warns users that “some antivirus programs might trigger a false positive alert,” the report claims.
What is PennyWise and how does it affect its victims?
PennyWise is an information stealer. Besides system information, login credentials, cookies, encryption keys and master passwords, the report states that the malware can also steal Discord tokens and Telegram sessions while taking screenshots along the way.
Apart from these, PennyWise can also scan the device for “potential cryptocurrency wallets, cold storage wallet data and crypto-related browser add-ons.” The malware collects all the above-mentioned data, compresses it into a single file and sends it over to a server under the attackers’ control before it self-destructs, the report suggests.
How PennyWise tries to hide from users
The report has also warned users that PennyWise is capable of analysing its surroundings to ensure that it is not “operating in a defended environment.” When the malware discovers that it is in a sandbox or that an analysis tool is running on the device, it immediately stops all actions it has deployed, the report claims.
Moreover, the researchers have also discovered that the malware tends to completely stop all its operations when it finds out that the victim’s endpoint is located in either Russia, Ukraine, Belarus, or Kazakhstan. The report also mentions that this behaviour offers some clue as to the affiliation of the operators.
