A newly discovered malicious campaign distributing the RedLine Stealer infostealer comes with a rather interesting self-propagation mechanism, researchers have found.
Cybersecurity researchers from Kaspersky uncovered new malware that logs into the YouTube accounts of compromised users and uploads a video to their channel, which in turn distributes RedLine Stealer.
A victim, typically a PC gamer, finds a YouTube video about cracks or cheats for one of their favourite games: FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, or Spider-Man. In the video's description are links that claim to deliver those cracks and cheats but that, in reality, host multiple pieces of malware bundled together.
In the bundle is RedLine Stealer, one of the most popular infostealers today, capable of stealing passwords saved in people's browsers, cookies, credit card details, instant messaging conversations, and cryptocurrency wallets.
The bundle also holds a cryptojacker, essentially a cryptocurrency miner that uses the computing power of the compromised endpoint to mine certain cryptocurrencies for the attackers. Cryptocurrency mining usually requires significant GPU power, something most gamers typically have.
But perhaps most interestingly, the bundle contains three malicious executables used for self-propagation. These are called "MakiseKurisu.exe", "download.exe", and "upload.exe". MakiseKurisu is an infostealer that grabs browser cookies and stores them locally.
Then, download.exe grabs the fake crack video from a GitHub repository and hands it to upload.exe, which uploads it to the victim's YouTube account after using the stolen cookies to log in.
If the victim isn't an avid YouTube user, or has notifications turned off, there is a good chance the malicious video could sit on their YouTube channel for a long time before being taken down.
"When the video is successfully uploaded to YouTube, upload.exe sends a message to Discord with a link to the uploaded video," Kaspersky explains.
Via: BleepingComputer