Cybercriminals are infecting people with the Lumma and Vidar information stealers by targeting users who search for pirated or cracked software. The attackers distribute the infostealers through YouTube comments and poisoned Google search results.
The investigation that uncovered the activity on the video-sharing platform found that the threat actors pose as guides offering legitimate software installation tutorials in order to lure viewers into the video descriptions and comments.
Those descriptions and comments carry links that redirect victims to fake software downloads hosting the malware. On Google, the attackers seed search results for pirated and cracked software with links that pose as legitimate downloaders but deliver the infostealers.
In addition, the campaign hosts its payloads on reputable file-sharing services such as Mediafire and Mega.nz, which obscures the malware's origin and makes detection and takedown more difficult.
Lumma Stealer is the malware most commonly delivered through the YouTube comments.
This campaign, which abuses YouTube comments and Google Search, resembles one that surfaced last year and also distributed Lumma Stealer.
Researchers suspect the malware is prevalent because it is sold as malware-as-a-service (MaaS) and is commonly used to steal sensitive information such as passwords and cryptocurrency wallet data.
The researchers have not confirmed that the two campaigns are related. Still, the recent activity has evolved: it spreads a wider variety of malware, uses more advanced evasion tactics, and adds malicious Google search results as a lure.
Furthermore, the malicious downloads are often password-protected and encoded, which complicates analysis in security environments such as sandboxes and lets the malware evade early detection.
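The defender-side counter to that trick is worth spelling out. Traditional ZIP encryption protects only the entry contents; the central directory, and with it every filename, size and per-entry encryption flag, stays in the clear, so a gateway or sandbox can still refuse to wave a locked "installer" through. The following is an added example written for this page, not code from the article or the researchers behind it: it hand-builds two constructed ZIP blobs (one flagged as password-protected, one not) and triages them from metadata alone. The extension list and the verdict labels are hypothetical choices for the example.

```python
"""Triage of password-protected ZIP downloads without extracting them."""
import io
import struct
import zipfile
import zlib
from dataclasses import dataclass, field

# Names that should never sit inside an archive a "tutorial" told the
# victim to unlock with a password. Hypothetical list for the example.
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs",
                         ".lnk", ".msi", ".dll", ".ps1")


def build_stored_zip(name: str, payload: bytes, encrypted: bool) -> bytes:
    """Construct a minimal single-entry ZIP (method 0, STORED) by hand.

    Constructed test data only, not a real sample. For the encrypted
    variant we set general-purpose bit 0 (the traditional PKWARE
    encryption flag) so the archive *looks* password-protected; the
    payload bytes are left in the clear because triage never decrypts.
    """
    flags = 0x0001 if encrypted else 0x0000
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    fname = name.encode("utf-8")
    # Local file header: sig, version, flags, method, time, date, crc,
    # compressed size, uncompressed size, name length, extra length.
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0,
                        crc, len(payload), len(payload), len(fname), 0)
    local += fname + payload
    # Central directory entry for that file; local header sits at offset 0.
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags,
                          0, 0, 0, crc, len(payload), len(payload),
                          len(fname), 0, 0, 0, 0, 0, 0)
    central += fname
    # End of central directory: one entry, directory size and offset.
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), len(local), 0)
    return local + central + eocd


@dataclass
class ArchiveTriage:
    encrypted: bool
    suspicious_names: list = field(default_factory=list)
    verdict: str = "allow"


def triage_zip(blob: bytes) -> ArchiveTriage:
    """Classify a ZIP from its central directory alone.

    Only entry contents are encrypted by traditional ZIP encryption, so
    filenames, sizes and the per-entry flag remain readable. That is
    enough to refuse to auto-allow an archive the sandbox could not open.
    """
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        infos = zf.infolist()
    encrypted = any(info.flag_bits & 0x1 for info in infos)
    suspicious = [i.filename for i in infos
                  if i.filename.lower().endswith(SUSPICIOUS_EXTENSIONS)]
    if encrypted and suspicious:
        verdict = "block"     # locked archive that still admits to an executable
    elif encrypted:
        verdict = "review"    # opaque to the sandbox: never auto-allow
    elif suspicious:
        verdict = "detonate"  # ordinary executable: normal sandbox path
    else:
        verdict = "allow"
    return ArchiveTriage(encrypted, suspicious, verdict)


if __name__ == "__main__":
    # Constructed samples standing in for a cracked-software "installer".
    samples = {
        "locked_installer.zip": build_stored_zip("Setup_Crack.exe", b"MZ" + b"\0" * 62, True),
        "locked_notes.zip": build_stored_zip("serials.txt", b"XXXX-YYYY", True),
        "plain_installer.zip": build_stored_zip("Setup.exe", b"MZ" + b"\0" * 62, False),
        "plain_readme.zip": build_stored_zip("README.txt", b"hello", False),
    }
    for label, blob in samples.items():
        result = triage_zip(blob)
        print(f"{label:22} encrypted={result.encrypted!s:5} "
              f"suspicious={result.suspicious_names} -> {result.verdict}")
```

Two caveats for anyone adapting this. The check reads only the central directory, so it works identically for deflated archives and for archives whose payload is actually enciphered. It does not work for 7z or RAR archives created with header encryption, which hides the filenames too; for those the only metadata left is "encrypted and unreadable", and the correct outcome is still "review", never an automatic allow because the sandbox reported nothing.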
Once a victim runs the downloader, the stealer persists on the machine and harvests credentials and other sensitive data from web browsers.
The campaign exploits people's trust in legitimate platforms such as YouTube and file-sharing services, so it can affect anyone looking for pirated software who believes they are downloading a legitimate installer for a reputable program.
Users should avoid downloading software from unknown sources and avoid clicking links that redirect to suspicious websites; that denies the attackers the chance to deliver their payloads.
