DIGITAL LIFE

With 2.5 billion users worldwide, Google’s YouTube is undoubtedly the most popular video platform on the planet. And not just with legitimate users. I recently reported how hackers were going after YouTube creator accounts as part of an ongoing credential-stealing attack. Now, according to newly published security research, it appears that the threat has evolved with attackers using YouTube to distribute fake installers by way of trusted hosting services that stealthily evade detection and ultimately steal sensitive browser data, including user credentials. Here’s what you need to know.
YouTube Users Warned As Attackers Strike
While the problem of YouTube accounts being targeted by attackers is not a new one, and YouTube itself has even introduced a new AI bot to help impacted account holders get their access back, this latest research comes with a far more dangerous warning: all 2.5 billion YouTube users are at risk.
In the Jan. 10 report (https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html), Trend Micro incident response analyst Ryan Maglaque, threats analyst Jay Nebre, and associate security analyst Allixon Kristoffer Francisco revealed how attackers are using YouTube and other social media platforms to spread download links for fake software installers. The campaigns leverage the trust users have in such sites to drive the clicks that end up with credential-stealing malware installed on their devices. Those links, for pirated movies or cracked software, are the key to these hack attacks.
“Victims are lured into piracy by individuals posing as guides on popular video-sharing platforms like YouTube,” the analysts explained, “these deceitful actors create a pretense of offering legitimate software installation tutorials to entice viewers to click on malicious links in the video descriptions or comments.”
The YouTube Hack Attack Flow
The report highlighted how an attacker lures victims in with a YouTube video posing as a tutorial, in this case for how to get a free download of cracked Adobe Lightroom software. The first comment to the video contains a link, which, in turn, opens yet another YouTube post that contains the actual malicious link for the fake installer download. This link is found on a legitimate large file-hosting site “as another layer to obscure its download further and evade detection,” the report stated.
These hack attacks that begin on YouTube are particularly dangerous as they employ a number of methods to maintain their stealthiness and evade detection. These include, the analysts said:
Utilization of large file size in order to bypass defensive sandbox capabilities.
Password-protected zip files impede content scanning, and these also serve to make investigations more complicated if the password is not available.
By uploading the files to known media-sharing sites, antivirus protections will often “only detect if the exact link is discovered before the download.”
The hacking campaign also employs legitimate files using dynamic link library side loading or process injection in order to execute the malicious credential-stealing payload.
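A defender-side triage check for two of the traits listed above, password-protected archives and oversized files, follows as an added example; it is not code from the Trend Micro report or from this article. The function names, the 100 MiB size limit and the compression-ratio threshold (used here as a hint that a file was padded to inflate its size) are assumptions chosen for illustration.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1             # ZIP general-purpose flag bit 0: entry is encrypted
SIZE_LIMIT = 100 * 1024 * 1024   # assumed sandbox submission limit (100 MiB)
RATIO_LIMIT = 50                 # assumed: higher ratios suggest filler padding


def triage_entries(entries):
    """Return (name, reasons) for each ZipInfo entry that needs manual review."""
    findings = []
    for info in entries:
        reasons = []
        if info.flag_bits & ENCRYPTED_FLAG:
            reasons.append("encrypted: content scanners cannot read it")
        if info.file_size > SIZE_LIMIT:
            reasons.append("exceeds assumed sandbox size limit")
        if info.compress_size and info.file_size / info.compress_size > RATIO_LIMIT:
            reasons.append("extreme compression ratio: likely padded")
        if reasons:
            findings.append((info.filename, reasons))
    return findings


def triage_archive(fileobj):
    """Read only the central directory; nothing is extracted or executed."""
    with zipfile.ZipFile(fileobj) as archive:
        return triage_entries(archive.infolist())


def constructed_sample():
    """Constructed input: a small text file and a zero-padded 'installer'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("readme.txt", "install notes")
        archive.writestr("setup.exe", b"MZ" + b"\x00" * (4 * 1024 * 1024))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reasons in triage_archive(constructed_sample()):
        print(name, "->", "; ".join(reasons))
```

Because the check reads entry metadata only, it works on password-protected archives even when the password is not available.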
I have reached out to YouTube for a statement. In the meantime, I recommend checking out Google’s malware protection advice (https://support.google.com/google-ads/answer/2375413) and, of course, not searching for ways to crack legitimate software and get it for free.
Davey Winder
 
 