Hackers use videos on YouTube video hosting to distribute malware aimed at stealing digital assets.
The malware was discovered by security researcher Frost who routinely monitors YouTube videos for cryptocurrency scams that lead to malware, which in this particular case is the Predator the Thief information-stealing Trojan
#Youtube Video pushing #predator #stealer.
AV: 1/ 70
hash: e1c89acf2bbe555687b7c98af63c891a @mal_share //t.co/eD6Bpl6U4i@James_inthe_box @JAMESWT_MHT @BleepinComputer @P3pperP0tts @MisterCh0c @malwrhunterteam @JayTHL @JRoosen @fumik0_ pic.twitter.com/dD0VHSs4FJ
— hxFrost (@0xFrost) 11 ноября 2019 г.
The video advertises a tool that can generate private keys for bitcoin wallets.
The video description contains links to the archive on Google Drive, Yandex.Disk, and Mega with the trojanized program.
Downloading the program will infect users’ computers with the Predator the Thief Trojan virus which allows scammers to steal files, use a webcam and track crypto transactions as well as gain access to the victim’s clipboard.
Currently, videos uploaded by cybercriminals have gained thousands of views in total. The exact number of victims and the amount of damage are not reported. According to VirusTotal, 2 out of 71 antivirus programs are currently detecting the setup.exe file containing the trojan.
Experts advise victims of hackers to immediately change all the passwords including for financial accounts, web sites, chat services, and gaming services such as Steam and Battle.net.
More information can be found on Bleepingcomputer.
In October, specialists from the antivirus company ESET found traces of the cryptocurrency Casbaneiro Trojan in the descriptions for the YouTube video. The virus restricts the victim’s access to various banking sites and also replaces the victim’s cryptocurrency wallet with the fraudster’s address.