Hackers are using AI-generated YouTube videos to distribute info-stealing malware such as Raccoon, RedLine, and Vidar. The videos lure users by pretending to be tutorials on how to download free or cracked versions of software, such as Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, and AutoCAD, which are only available to paid users.
CloudSEK researchers observed a 200–300% month-on-month increase in such videos containing links to stealer malware in the description section.
Hackers often obfuscate such links either using URL shorteners such as bit[.]ly and cutt[.]ly, or file hosting platforms such as Discord, GitHub, Google Drive, MediaFire, and Telegram's Telegra[.]ph.
Some links directly download the malicious zip file as well.
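The link-obfuscation pattern above (shorteners and file-hosting platforms paired with "cracked"/"free download" wording) can be turned into a simple description-triage heuristic. The following is an added example, not code from CloudSEK or the article; the domain lists are my own mapping of the services the article names to hostnames, the sample descriptions are constructed, and the scoring weights are arbitrary.

```python
import re
from urllib.parse import urlparse

# Hostnames for the channels the article names (assumed mapping, not from the article)
URL_SHORTENERS = {"bit.ly", "cutt.ly"}
FILE_HOSTS = {"discord.com", "cdn.discordapp.com", "github.com",
              "drive.google.com", "mediafire.com", "telegra.ph"}
# Wording typical of the "free/cracked software" lure
LURE_TERMS = re.compile(r"\b(crack(ed)?|free download|keygen|full version|activated)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.I)

def classify_host(url: str) -> str:
    """Label a link as shortener, file_host or other based on its hostname."""
    host = (urlparse(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host in URL_SHORTENERS:
        return "shortener"
    if host in FILE_HOSTS or any(host.endswith("." + h) for h in FILE_HOSTS):
        return "file_host"
    return "other"

def score_description(text: str) -> dict:
    """Score a video description: obfuscated links plus lure wording raise the score."""
    urls = URL_RE.findall(text)
    kinds = [classify_host(u) for u in urls]
    lures = sorted({m.group(0).lower() for m in LURE_TERMS.finditer(text)})
    score = 2 * kinds.count("shortener") + 2 * kinds.count("file_host") + len(lures)
    if kinds and lures:
        score += 2  # lure wording combined with any link is the core pattern
    return {"urls": urls, "kinds": kinds, "lure_terms": lures,
            "score": score, "verdict": "review" if score >= 4 else "low"}

# Constructed sample descriptions: one mimicking the lure, one benign
SAMPLE_DESCRIPTIONS = [
    "Adobe Photoshop 2023 FREE cracked full version! Download: https://bit.ly/3xAmpLe "
    "Password: 1234 (mirror https://www.mediafire.com/file/abc/setup.zip)",
    "Official Photoshop tutorial. Docs: https://helpx.adobe.com/photoshop",
]

if __name__ == "__main__":
    for desc in SAMPLE_DESCRIPTIONS:
        print(score_description(desc))
```

A real deployment would resolve shortened links in a sandbox and check the final host and payload hash against threat intelligence rather than relying on keyword scores alone.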
To make the videos appear at the top of the results, threat actors employ SEO poisoning techniques.
Hijacking top accounts
Hackers leverage previous data leaks and social engineering to take over popular legitimate YouTube accounts to reach a large audience in a short time span.
They feature AI-generated personas in the videos and share screen recordings and audio walkthroughs that come across as trustworthy, misleading viewers into downloading the cracked software.
Moreover, to evade YouTube's algorithm and review process, threat actors use region-specific tags, write fake comments with automated processes to add legitimacy, and continuously upload videos to keep up with takedowns.
This is a worrying trend, given that YouTube has more than 2.6 billion monthly active users, not all of whom know how to protect themselves from such tricks. Organizations are advised to run awareness campaigns and implement adaptive threat monitoring to keep pace with constantly changing threats. Users are advised to enable multi-factor authentication and to refrain from installing files from unverified sources.