Security News > 2021 > October > Massive campaign uses YouTube to push password-stealing malware

Massive campaign uses YouTube to push password-stealing malware
2021-10-21 21:10

Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers.

Password stealing trojans are malware that quietly runs on a computer while stealing passwords, screenshots of active windows, cookies, credit cards stored in browsers, FTP credentials, and arbitrary files decided by the threat actors.

When installed, the malware will communicate with a Command & Control server, where it waits for commands to execute by the attacker, which could entail the running of additional malware.

Threat actors have long used YouTube videos as a way to distribute malware through embedded links in video descriptions.

The researcher said that thousands of videos and channels had been made as part of this massive malware campaign, with 100 new videos and 81 channels created in just twenty minutes.

The YouTube video's description includes an alleged link to the associated tool used to distribute the malware.


News URL

https://www.bleepingcomputer.com/news/security/massive-campaign-uses-youtube-to-push-password-stealing-malware/