Threat Actors Hack YouTube Channels to Distribute Infostealers
May 10, 2024, 2:25 p.m.
Tags
External References
Description
This analysis reveals that malicious groups have been compromising popular YouTube channels, including some with over 800,000 subscribers, to distribute several infostealer malware strains, among them Vidar and LummaC2. The attackers upload videos promoting cracked software, with links in the video descriptions that lead to malicious payloads hosted on file-sharing platforms. Unsuspecting users download these payloads believing them to be genuine installers, which results in system infection and data theft.
Date
Published: May 10, 2024, 1:47 p.m.
Created: May 10, 2024, 1:47 p.m.
Modified: May 10, 2024, 2:25 p.m.
Indicators
Attack Patterns
LummaC2
Vidar
T1092
T1556
T1547.001
T1189
T1547
T1105
T1219
T1059