YouTube virus: watch out for this malware in video descriptions!

Its name is Aurora Stealer. This piece of malware, as the name suggests, will steal just about anything that can be stolen from a computer: money, via more than 40 types of crypto wallets, but also the passwords used to access the victim’s accounts or steal their identity. Aurora Stealer is part of a new wave of viruses: “Malware-as-a-Service”. Access to its various features costs just $250/month. Each budding little crook must therefore make his investment pay off by planting contaminated links to trap his unfortunate victims.

Watch out for links in YouTube descriptions!

The easiest way is to pollute YouTube videos, using one of two techniques. The first is to hack more or less well-known channels, create a video using AI to promote software, and place a booby-trapped link in the description. The second is to dupe gullible YouTubers: all the pirate has to do is pretend to be a salesman who wants to sell software. The YouTuber is offered a fixed amount or a percentage (which he will never actually see) to place the link. After clicking on it, the victim suspects nothing, because the page is strictly identical to that of the software publisher.

Antivirus software misses it…

This is where it gets interesting, because the download link does not lead directly to the malware, but to a “loader” that generates “à la carte” malware for its victim. By using a “process hollowing” technique, which replaces part of a “safe” program with a contaminated part, the loader ensures that the victim’s antivirus notices nothing. Here, the loader uses the legitimate sihost.exe process to deliver the malware payload to the computer.
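Because the payload hides inside a legitimate sihost.exe process, process lineage is a more useful signal than file scanning. The following added example (not from the original article) checks constructed process-creation events, using Sysmon Event ID 1 style field names, for a sihost.exe whose path or parent differs from an assumed baseline: a System32 image started by svchost.exe.

```python
import ntpath

# Assumed baseline (verify in your own environment): on Windows 10/11,
# sihost.exe lives in System32 and is started by svchost.exe.
EXPECTED_IMAGE = r"c:\windows\system32\sihost.exe"
EXPECTED_PARENTS = {r"c:\windows\system32\svchost.exe"}

# Constructed sample events; field names follow Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\sihost.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Windows\System32\sihost.exe",
     "ParentImage": r"C:\Users\alice\Downloads\setup_installer.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\sihost.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def check_event(event):
    """Return a list of findings for one process-creation event."""
    image = event.get("Image", "").lower()
    parent = event.get("ParentImage", "").lower()
    if ntpath.basename(image) != "sihost.exe":
        return []  # only sihost.exe is in scope for this check
    findings = []
    if image != EXPECTED_IMAGE:
        findings.append("sihost.exe running from unexpected path")
    if parent not in EXPECTED_PARENTS:
        findings.append("sihost.exe started by unexpected parent")
    return findings

def scan(events):
    """Return (event_index, findings) for every suspicious event."""
    results = []
    for index, event in enumerate(events):
        findings = check_event(event)
        if findings:
            results.append((index, findings))
    return results

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        print(f"event {index}: {'; '.join(findings)}")
```

A hit is a lead for investigation rather than proof of hollowing, and it should be combined with the memory-level checks an EDR product provides.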

The guys from Tipiak are getting stronger and stronger.

On the VirusTotal malware detection site, the various components of Aurora are not detected as viruses…