Threat Actors Hack YouTube Channels to Distribute Infostealers

May 10, 2024, 2:25 p.m.

Description

This analysis reports that threat actors have been hijacking popular YouTube channels, including some with over 800,000 subscribers, to distribute infostealer malware strains such as Vidar and LummaC2. The attackers upload videos promoting cracked software, with links to malicious payloads hosted on file-sharing platforms. Unsuspecting users download these payloads believing them to be genuine installers, leading to system infection and data theft.

Date

Published: May 10, 2024, 1:47 p.m.

Created: May 10, 2024, 1:47 p.m.

Modified: May 10, 2024, 2:25 p.m.

Indicators

SHA256: f9ed651226a734f781e881141c88caa5f0a77e56458d0c567989b5797d39226f

URL: https://worryfillvolcawoi.shop/api

URL: https://pillowbrocccolipe.shop/api

URL: https://interferencesandyshiw.shop/api

URL: https://enthusiasimtitleow.shop/api

URL: https://dismissalcylinderhostw.shop/api

URL: https://diskretainvigorousiw.shop/api

URL: https://communicationgenerwo.shop/api

URL: https://cleartotalfisherwo.shop/api

URL: https://chokepopilarvirusew.shop/api

URL: https://affordcharmcropwo.shop/api

URL: https://95.216.176.246

URL: https://78.47.221.177
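To make the description and the indicator list above actionable, the following is an added example (not part of the original pulse) that turns the listed hash, domains and IP addresses into a typed watchlist and runs it over constructed proxy-log and file-hash telemetry. The log formats, client addresses, file paths and the benign second hash (SHA256 of the empty string) are assumptions for the example; only the indicators themselves come from this page, with the trailing colons shown on the page stripped.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Indicators copied from this pulse (trailing colons on the page dropped).
INDICATORS = [
    "f9ed651226a734f781e881141c88caa5f0a77e56458d0c567989b5797d39226f",
    "https://worryfillvolcawoi.shop/api",
    "https://pillowbrocccolipe.shop/api",
    "https://interferencesandyshiw.shop/api",
    "https://enthusiasimtitleow.shop/api",
    "https://dismissalcylinderhostw.shop/api",
    "https://diskretainvigorousiw.shop/api",
    "https://communicationgenerwo.shop/api",
    "https://cleartotalfisherwo.shop/api",
    "https://chokepopilarvirusew.shop/api",
    "https://affordcharmcropwo.shop/api",
    "https://95.216.176.246",
    "https://78.47.221.177",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def classify(ioc):
    """Map a raw indicator to (kind, key): 'sha256', 'ip' or 'domain'.
    URLs are reduced to their host; the '/api' path alone is too generic."""
    s = ioc.strip().lower()
    if SHA256_RE.match(s):
        return "sha256", s
    host = urlsplit(s).hostname
    if not host:
        raise ValueError(f"unrecognised indicator: {ioc!r}")
    try:
        ip_address(host)
        return "ip", host
    except ValueError:
        return "domain", host


def build_watchlist(indicators):
    """Group indicators by kind into sets for constant-time lookups."""
    wl = {"sha256": set(), "ip": set(), "domain": set()}
    for ioc in indicators:
        kind, key = classify(ioc)
        wl[kind].add(key)
    return wl


def match_host(host, wl):
    """(kind, key) if host is a listed IP, a listed domain or one of its
    subdomains; None otherwise. Subdomain matching avoids trivial evasion."""
    host = host.lower()
    if host in wl["ip"]:
        return "ip", host
    for domain in wl["domain"]:
        if host == domain or host.endswith("." + domain):
            return "domain", domain
    return None


def scan_proxy_log(text, wl):
    """Assumed line format: 'timestamp client method url status'.
    Returns (client, kind, key) for each request to a watchlisted host."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, _method, url, _status = line.split()
        m = match_host(urlsplit(url).hostname or "", wl)
        if m:
            hits.append((client, m[0], m[1]))
    return hits


def scan_file_events(text, wl):
    """Assumed line format: 'client path sha256' (path may contain spaces).
    Returns (client, path) for each watchlisted hash."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, rest = line.split(maxsplit=1)
        path, digest = rest.rsplit(maxsplit=1)
        if digest.lower() in wl["sha256"]:
            hits.append((client, path))
    return hits


# Constructed telemetry: host .17 fetches a "crack" from YouTube-linked
# hosting, then beacons to a listed domain; host .23 reaches a listed IP and a
# subdomain of a listed domain. The YouTube request itself is benign noise.
PROXY_LOG = """\
2024-05-10T13:50:01Z 10.0.0.17 GET https://www.youtube.com/watch?v=EXAMPLE 200
2024-05-10T13:50:44Z 10.0.0.17 POST https://worryfillvolcawoi.shop/api 200
2024-05-10T13:51:03Z 10.0.0.23 POST https://95.216.176.246/ 200
2024-05-10T13:51:20Z 10.0.0.23 GET https://cdn.PillowBrocccolipe.shop/api 200
"""
FILE_EVENTS = """\
10.0.0.17 C:\\Users\\a\\Downloads\\Crack Setup.exe f9ed651226a734f781e881141c88caa5f0a77e56458d0c567989b5797d39226f
10.0.0.23 C:\\Users\\b\\Downloads\\notes.txt e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

if __name__ == "__main__":
    wl = build_watchlist(INDICATORS)
    for hit in scan_proxy_log(PROXY_LOG, wl):
        print("network hit:", hit)
    for hit in scan_file_events(FILE_EVENTS, wl):
        print("file hit:", hit)
```

Matching on the host rather than the full URL is deliberate: the `/api` path is shared across the listed domains and could be changed at no cost to the operator, while the domain and IP are what the sample actually has to reach. Replace the constructed log strings with your proxy and EDR exports in the same column order, or adapt the two `split` calls to your format.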

Attack Patterns

LummaC2 (malware family)

Vidar (malware family)

T1092 (Communication Through Removable Media)

T1556 (Modify Authentication Process)

T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder)

T1189 (Drive-by Compromise)

T1547 (Boot or Logon Autostart Execution)

T1105 (Ingress Tool Transfer)

T1219 (Remote Access Software)

T1059 (Command and Scripting Interpreter)