Beware Sport Cheat Downloads in YouTube Video Descriptions


Safety researchers have came upon a brand new malware assault that’s designed to hijack a Home windows PC and unfold the assault on a sufferer’s YouTube account via malicious hyperlinks. 

The assault deploys by means of malicious document bundles promoted on YouTube movies, in accordance(Opens in a brand new window) to the antivirus supplier Kaspersky. The movies declare to provide tactics to hack and cheat at a number of widespread video games corresponding to DayZ, Forza Horizon 5, and Demise Gentle 2, amongst others. 

To realize get right of entry to to the cheats, the movies trap the person to obtain a document package deal—generally hosted by means of the area or on—which will also be discovered within the video’s description. However in fact, sufferers are downloading a self-extracting RAR archive, which incorporates a password-stealing program known as Redline.

Examples of the attack

(Credit score: Kaspersky)

“The stealer can plunder usernames, passwords, cookies, credit card main points and autofill information from Chromium- and Gecko-based browsers,” Kaspersky researchers warned. As well as, Redline can permit the hackers to hijack a PC to put in different systems and execute instructions on a browser.  

However most likely the assault’s maximum fascinating skill is the way it can self-propagate. Kaspersky famous that a number of information within the malicious bundle also are designed to re-post movies at the sufferer’s YouTube account to unfold the assault once more. 

Another example

(Credit score: YouTube)

In accordance(Opens in a brand new window) to Kaspersky, a program within the malicious package deal known as MakiseKurisu.exe is designed to extract web cookies from the sufferer’s browser to achieve get right of entry to to the sufferer’s YouTube account. A couple of alternative systems will then fetch and re-post movies to the sufferer’s YouTube account so as to unfold the assault to extra customers.

The methodology underscores how hackers can exploit intended sport cheats to trick unsuspecting customers into downloading malware. “Avid gamers are some of the widespread teams focused through cybercriminals,” Kaspersky researcher Oleg Kupreev says within the record. “Our recommendation can be to rigorously pick out the assets to quench your gaming thirst and don’t obtain any suspicious archives from unreliable accounts.”

The assault continues to flow into on a number of YouTube movies, so be careful for hyperlinks the usage of or domain names.

Like What You are Studying?

Join SecurityWatch publication for our best privateness and safety tales delivered proper in your inbox.

This article would possibly comprise promoting, offers, or associate hyperlinks. Subscribing to a publication signifies your consent to our Phrases of Use and Privateness Coverage. It’s possible you’ll unsubscribe from the newsletters at any time.