Cybercriminals have discovered a new revenue model: they use YouTube videos to get people to download malware. This is according to research by Cyble Research Labs. The researchers found more than eighty videos on the service, all from the same user and none of them viewed often.
The videos present themselves as tutorials for software that lets you mine bitcoins. Mining is a complicated process for many people, so a tutorial like this seems to come in handy. The person in the video recommends that viewers download his program, but it is better not to.
Spreading malware via YouTube
Of course, there is a link in the YouTube video description that leads to a website where you download the program. You need a password to get in, which makes many viewers think this is legit. The description also states that the virus-scanning service VirusTotal says the link is okay, and that your own virus protection may give a “false positive” after downloading.
So everything is neatly explained, which is why some people are tempted to fall for it. But please don’t. The malware, called PennyWise, collects large amounts of data and sends it to external parties. Think of system information, login data and master passwords.
A danger to everyone
Furthermore, the malware steals tokens from Discord and Telegram and takes screenshots. It also scans for crypto wallets, cold storage wallet data and crypto-related browser add-ons. After all the data has been captured and sent, the malware deletes itself. You won’t notice anything in the meantime.
The malware recognizes when it is running in a sandbox or when an analysis tool is active in the background, and then stops working. Likewise, if you live in Belarus, Ukraine, Russia or Kazakhstan you have nothing to fear. Do you spend a lot of time on YouTube? Then pay extra attention to these kinds of videos in the coming months.