Threat Actors Hack YouTube Channels to Distribute Infostealers

May 10, 2024, 2:25 p.m.

Description

This analysis reveals that malicious groups have been exploiting popular YouTube channels, including some with over 800,000 subscribers, to distribute various infostealer malware strains like Vidar and LummaC2. The attackers upload videos promoting cracked software with links to malicious payloads hosted on file-sharing platforms. Users unsuspectingly download these payloads, believing they are genuine installers, resulting in system infections and data theft.

External References

https://asec.ahnlab.com/en/63980/
https://otx.alienvault.com/pulse/663e25897a4e4f8b078a92a1
Tags
lummac2
malware distribution
2024-05-05
2024-05-06
2024-05-07
2024-05-08
vidar
youtube
infostealers
compromised accounts
2024-05-09
2024-05-10

Date

  • Created: May 10, 2024, 1:47 p.m.
  • Published: May 10, 2024, 1:47 p.m.
  • Modified: May 10, 2024, 2:25 p.m.

Indicators

  • f9ed651226a734f781e881141c88caa5f0a77e56458d0c567989b5797d39226f
  • https://worryfillvolcawoi.shop/api:
  • https://pillowbrocccolipe.shop/api:
  • https://interferencesandyshiw.shop/api:
  • https://enthusiasimtitleow.shop/api:
  • https://dismissalcylinderhostw.shop/api:
  • https://diskretainvigorousiw.shop/api:
  • https://communicationgenerwo.shop/api:
  • https://cleartotalfisherwo.shop/api:
  • https://chokepopilarvirusew.shop/api:
  • https://affordcharmcropwo.shop/api:
  • https://95.216.176.246
  • https://78.47.221.177
Download all indicators here!

Attack Patterns

  • LummaC2
  • Vidar
  • T1092
  • T1556
  • T1547.001
  • T1189
  • T1547
  • T1105
  • T1219
  • T1059