Threat actors used YouTube videos containing content related to cracking software to trick users into downloading information called Lumma to steal malware.
“These YouTube videos often contain content related to cracked applications, provide users with similar installation guides, and contain malicious URLs that are often shortened using services such as TinyURL and Cuttly,” Fortinet FortiGuard Labs researcher Cara Lin said in Monday’s analysis. “
This isn’t the first time that pirated software videos on YouTube have become effective bait for stealing malware. Similar attack chains have previously been observed delivering stealers, cutters, and cryptocurrency mining malware.
In the process, threat actors can not only use infected machines to steal information and cryptocurrency, but also abuse resources for illegal mining.
In the latest attack sequence documented by Fortinet, users searching YouTube for cracked versions of legitimate video editing tools like Vegas Pro were prompted to click on a link in the video description, which led to the download of a fake installer hosted on MediaFire.
When the ZIP installer is unzipped, it provides a Windows shortcut (LNK) disguised as an installation file that downloads the .NET loader from the GitHub repository and then loads the stealer payload, but not before executing a Series of anti-virtual operations. Machine and anti-debugging checks.
Lumma Stealer, written in C and sold on underground forums since late 2022, is capable of collecting sensitive data and exfiltrating it to attacker-controlled servers.
Bitdefender warns of streamjacking attacks on YouTube in which cybercriminals take over high-profile accounts through phishing attacks that deploy RedLine Stealer malware to steal their credentials and session cookies, and ultimately facilitate various encryption Scam.
An 11-month-old AsyncRAT campaign was previously discovered that used phishing lures to download obfuscated JavaScript files, which were then used to remove remote access Trojans.
“The victims and their companies were carefully selected to amplify the campaign’s impact,” said AT&T Alien Labs researcher Fernando Martinez. “Some of the identified targets manage critical infrastructure in the United States.”
