Hackers spread malware via YouTube videos offering pirated tools

June 3, 2023
Hackers Malware YouTube Pirated Software

Security researchers have uncovered a campaign targeting YouTube users who search for pirated software. Verified YouTube channels with large subscriber bases were found uploading videos that lure viewers into downloading cracked software.

The downloads drop several malware strains that harvest credentials, mine cryptocurrency on the victim's machine (cryptojacking), and steal funds from cryptocurrency wallets.

The campaign was run at volume: a single account posted more than 50 videos in just eight hours.

Each video promoted a different pirated application, but every one pointed to the same URL. The URL and a four-digit numeric archive password were placed in the video description and in the comments.

The URL redirected to a password-protected archive such as “2O23-F1LES-S0ft.rar” (note the look-alike characters: a capital O in place of zero, a 1 in place of I, a 0 in place of o) hosted on a file-sharing service. The archive's instructions told the victim to extract it with the supplied password and run the contained [.]exe, which starts the infection chain.

The attack chain consists of several components, each with its own purpose.

One such component is Launcher_S0FT-2O23.exe, the Vidar information stealer. The binary is padded with more than 1 GB of unused bytes so that antivirus engines and sandboxes, which cap the file size they will scan or lack the CPU and RAM to process a file that large, skip it entirely.
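A defender can turn the padding trick against itself: a PE whose sections end long before the end of the file, with the remainder being one repeated byte, is bloated rather than large. The following is an added example written for this article, not code from the campaign or from any vendor. It parses only the fields it needs from the PE header (e_lfanew at offset 0x3C, the COFF header after the "PE\0\0" signature, and the 40-byte section headers with SizeOfRawData at +16 and PointerToRawData at +20), measures the overlay past the last section, and flags the file if that overlay is both large and mostly filler. The size threshold and the fake sample builder are assumptions for the demonstration.

```python
"""Flag Windows executables bloated with a large overlay of filler bytes.

Added example, not the campaign's code. The default threshold and the
constructed fake-PE sample are assumptions for illustration only.
"""
import struct


def pe_data_end(data: bytes) -> int:
    """Byte offset just past the last section's raw data, or -1 if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return -1
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return -1
    coff = e_lfanew + 4                                  # 20-byte COFF header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect = coff + 20 + opt_size                          # section table start
    end = sect + 40 * num_sections                       # at least the headers
    for i in range(num_sections):
        hdr = sect + 40 * i
        if hdr + 40 > len(data):
            return -1
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def trailing_filler(data: bytes) -> int:
    """Length of the run of one repeated byte value at the end of the file."""
    return len(data) - len(data.rstrip(data[-1:])) if data else 0


def looks_bloated(data: bytes, min_overlay: int = 50 * 1024 * 1024,
                  min_ratio: float = 0.9) -> bool:
    """True if the overlay past the PE's sections is big and mostly filler.

    min_overlay (assumed 50 MiB by default) is the smallest overlay worth
    flagging; min_ratio is the share of it that must be a single repeated byte.
    """
    end = pe_data_end(data)
    if end < 0:
        return False
    overlay = len(data) - end
    if overlay < min_overlay:
        return False
    return trailing_filler(data) >= min_ratio * overlay


def build_fake_pe(payload: bytes, filler: bytes) -> bytes:
    """Constructed PE-shaped sample (not a runnable executable): DOS header,
    PE signature, COFF header with one section and no optional header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    raw_ptr = e_lfanew + 4 + 20 + 40                     # right after the table
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(payload), 0x1000, len(payload), raw_ptr,
        0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + section + payload + filler


if __name__ == "__main__":
    sample = build_fake_pe(b"\xcc" * 64, b"\x00" * 4096)
    print("sections end at", pe_data_end(sample), "of", len(sample), "bytes")
    print("bloated:", looks_bloated(sample, min_overlay=1024))
```

In production the same check belongs in a pre-filter in front of the sandbox or AV submission queue: strip the overlay (everything after `pe_data_end`) and submit the trimmed file, so the bloating buys the attacker nothing. A legitimate installer with a real overlay (an embedded archive) fails the filler-ratio test and is passed through untouched.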

Another component, Laplas Clipper, monitors the Windows clipboard for strings matching address patterns fetched from the C2 server. When the victim copies a recipient's wallet address, the clipper silently replaces it with an attacker-controlled address of the same type, so the funds are sent to the threat actor instead.
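The defining signature of a clipper is a clipboard change that the user did not make: an address-shaped value is replaced by a different address of the same format with no copy action in between. The logic below is an added example written for this article, not Laplas Clipper's code nor any product's detector. It assumes a clipboard poller (not included) that records each snapshot together with whether the user issued a copy since the previous one; the simplified address regexes and the sample snapshots are constructed for the demonstration.

```python
"""Detect clipboard wallet-address swaps from a sequence of snapshots.

Added example, not the malware's code. Snapshots are (text, user_copied)
pairs assumed to come from a clipboard poller the reader supplies; the
regexes are simplified format checks, not full checksum validation.
"""
import re

# Simplified wallet address formats (assumed sufficient for a demo).
WALLET_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "xmr": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}


def classify(text: str):
    """Return the address type a clipboard string looks like, or None."""
    text = text.strip()
    for name, pattern in WALLET_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


def detect_swaps(snapshots):
    """Return (index, kind, before, after) for every snapshot where a wallet
    address changed into another address of the same kind without the user
    copying anything in between. That is the clipper's behaviour; a user
    copying two different addresses in a row is not flagged."""
    hits = []
    for i in range(1, len(snapshots)):
        before, copied_before = snapshots[i - 1]
        after, user_copied = snapshots[i]
        before, after = before.strip(), after.strip()
        if user_copied or before == after:
            continue
        kind = classify(before)
        if kind is not None and classify(after) == kind:
            hits.append((i, kind, before, after))
    return hits


# Constructed sample timeline: the user copies a BTC address, the clipboard
# then changes to a different BTC address with no copy action (the swap),
# and later the user copies two ETH addresses in a row (legitimate).
SAMPLE_SNAPSHOTS = [
    ("meeting notes", True),
    ("1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2", True),
    ("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy", False),
    ("3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy", False),
    ("0x" + "a" * 40, True),
    ("0x" + "b" * 40, True),
]


if __name__ == "__main__":
    for hit in detect_swaps(SAMPLE_SNAPSHOTS):
        print("possible clipper swap at snapshot %d (%s): %s -> %s" % hit)
```

Paired with a real poller, the same check gives an endpoint agent a low-noise indicator: the swapped address is itself an indicator of compromise that can be shared, and the process that wrote the clipboard without a user copy is the one to examine.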

Finally, Task32Main installs a Monero miner, sets up persistence, and attempts to avoid antivirus detection.

The campaign is a reminder of the risks of downloading pirated software, which threat actors routinely use as a delivery vehicle for theft.

Users should be wary of offers of cracked software on YouTube or any other platform. Declining them protects personal information and avoids the consequences described above.
