Attackers are abusing YouTube's video submission rules to disseminate malware. One such campaign targets the Valorant gaming community on YouTube to spread the RedLine stealer.

Diving into details

The campaign uses Valorant cheats as the lure. A video posted to the gaming community on YouTube carries, in its description, a link to download an auto-aiming bot ("aimbot"), and the description instructs the viewer to turn off anti-malware software before installing it. Aimbots are in high demand because they let players raise their rank with little effort, which makes the lure effective.

Post-installation 

  • Once executed, RedLine collects basic system information about the host and takes screenshots, then harvests credentials: account credentials saved in web browsers, Telegram session files, Discord tokens, and cryptocurrency wallet files.
  • The cryptocurrency wallets targeted include AtomicWallet, BitcoinCore, Armory, Electrum, Ethereum, Bytecoin, Monero, Zcash, Jaxx, LitecoinCore, DashCore, and Exodus.
  • Other data is stolen from FileZilla (username and password, port number, and host address), Minecraft (level, ranking, and account credentials), and Steam (client session files).
  • The stolen data is then compressed into an archive and exfiltrated to the attacker through a Discord webhook.
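The exfiltration step is also the most detectable one. Discord webhook URLs always have the shape https://discord.com/api/webhooks/<id>/<token>, and a stealer uploading a zipped credential dump sends far more data, as a multipart attachment, than the short JSON messages that bots and CI jobs legitimately post to webhooks. The following is an added example, not code from the article or from any vendor: a small detector that runs over constructed web-proxy records (the JSON field names, host names, process names and sample lines are all assumptions for this example) and flags webhook POSTs that look like file uploads, using the requesting process as supporting context rather than as the trigger.

```python
"""Flag likely Discord-webhook exfiltration in web proxy logs (added example).

Assumptions: the proxy/EDR emits one JSON record per request with the fields
host, process, method, url, content_type and bytes_out. The sample records
below are constructed for this example and are not real telemetry.
"""
import json
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Discord webhook URLs carry the webhook id and token in the path.
WEBHOOK_RE = re.compile(
    r"^https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_.-]+",
    re.IGNORECASE,
)
# Processes that legitimately talk to Discord; anything else is suspicious context.
KNOWN_DISCORD_CLIENTS = {"discord.exe", "discordcanary.exe", "discordptb.exe"}
# A webhook text message is a few hundred bytes; a zipped credential dump is much larger.
UPLOAD_THRESHOLD = 100 * 1024


@dataclass
class Alert:
    host: str
    process: str
    url: str
    reason: str


def analyze(line: str) -> Optional[Alert]:
    """Return an Alert if the record looks like a webhook file upload, else None."""
    rec = json.loads(line)
    url = rec.get("url", "")
    if rec.get("method") != "POST" or not WEBHOOK_RE.match(url):
        return None
    indicators = []
    if rec.get("content_type", "").lower().startswith("multipart/form-data"):
        indicators.append("file attachment upload")
    if int(rec.get("bytes_out", 0)) >= UPLOAD_THRESHOLD:
        indicators.append(f"{rec['bytes_out']} bytes sent")
    if not indicators:
        return None  # small JSON messages from bots and CI jobs are normal webhook traffic
    proc = rec.get("process", "").lower()
    if proc not in KNOWN_DISCORD_CLIENTS:
        indicators.append(f"non-Discord process {proc!r}")
    return Alert(rec.get("host", "?"), proc, url, "; ".join(indicators))


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run analyze() over every record and keep the hits."""
    return [a for a in (analyze(l) for l in lines) if a is not None]


# Constructed sample records: one stealer-style upload, three benign requests.
SAMPLE_LOG = [
    '{"host":"WS-0417","process":"valorant_aimbot.exe","method":"POST",'
    '"url":"https://discord.com/api/webhooks/981234567890123456/aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789_-abcdefghij",'
    '"content_type":"multipart/form-data; boundary=----x","bytes_out":2465792}',
    '{"host":"WS-0417","process":"Discord.exe","method":"POST",'
    '"url":"https://discord.com/api/v9/channels/123456/messages",'
    '"content_type":"application/json","bytes_out":211}',
    '{"host":"BUILD-02","process":"python.exe","method":"POST",'
    '"url":"https://discord.com/api/webhooks/111111111111111111/ci-token_ABC123",'
    '"content_type":"application/json","bytes_out":312}',
    '{"host":"WS-0099","process":"Discord.exe","method":"GET",'
    '"url":"https://discord.com/api/webhooks/222222222222222222/some_token",'
    '"content_type":"","bytes_out":0}',
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.host} {a.process} -> {a.url}\n  {a.reason}")
```

Only the first record fires: it is a multi-megabyte multipart POST to a webhook from a process that is not a Discord client. The CI bot's 312-byte JSON post and the real client's channel message are left alone, which is the point of keying the alert on the upload indicators rather than on the webhook URL by itself.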

More RedLine news

RedLine is a capable infostealer that has become extremely popular with cybercriminals. It is currently the most widely distributed infostealer, and it can harvest a broad range of information.
  • Kraken, a botnet under active development, was observed distributing RedLine from October to December 2021.
  • A cryptocurrency scam in January pushed Dark Crystal RAT, which in turn downloaded and executed TVRat and RedLine on victims' systems.
  • A new RedLine variant was found spreading via email disguised as an Omicron statistics counter app; it harvested credentials for VPN services.

The bottom line

Pushing malware through game cheats on YouTube is not new, but it remains worth being aware of. Malware is distributed across many platforms, so avoid installing pirated or otherwise illicit programs and stay away from suspicious websites. Treat any instruction to disable antivirus before installing a program as a red flag, and do not download cheat tools that are not digitally signed; keep in mind that a valid signature only identifies who signed the file and does not prove that it is safe.

Cyware Publisher