
Hackers spread password stealer malware from YouTube comment section

March 27th, 2018, by Waqas, in Security, Malware

Another day, another piece of malware aimed at Windows devices. This time, the malware is being spread through YouTube.

The IT security researchers at Russian anti-virus vendor Dr. Web have discovered a dangerous malware campaign being spread by cybercriminals from YouTube, a popular video-sharing website owned by Google.

Dubbed Trojan.PWS.Stealer.23012 by researchers, the malware is written in the Python programming language, targets Microsoft Windows-based devices, and steals login credentials for email and social media accounts.

According to a blog post by Dr. Web, cybercriminals are posting malicious links in the comments and video description sections of YouTube videos, especially those videos which are based on gaming hacks and cheats using special applications.


A screenshot shared by Dr. Web shows one of the YouTube videos containing a malicious link in its description section.

The cybercriminals lure users into clicking on the link which would supposedly allow them to access gaming cheats and other useful utilities. But, in reality, these links take users to Yandex Disk servers, a Russian cloud service offered by Yandex, allowing users to store files on “cloud” servers and share them with others online.

Once there, the victim can see several videos containing user comments stating that the file they are about to download is clean and legitimate. However, Dr. Web noticed that all the comments on those videos are fake and posted by cybercriminals using fake profiles.

If the victim is tricked into clicking the link, it downloads a self-unpacking RAR archive containing Trojan.PWS.Stealer.23012. Once the file is installed, it infects the Windows computer and steals cookies from web browsers including Chrome, Opera, Vivaldi, and others.

Furthermore, the malware steals login credentials saved in the victim’s web browser and takes screenshots of the user’s activity on the device. It also copies files from the Windows Desktop. The targeted file extensions include “.txt”, “.pdf”, “.jpg”, “.png”, “.xls”, “.doc”, “.docx”, “.sqlite”, “.db”, “.sqlite3”, “.bak”, “.sql”, and “.xml”.

After gathering the data, the malware stores it in the folder “C:/PG148892HQ8” on the C drive, in an archive named Spam.zip, and sends it, along with the victim’s location, to the command and control (C&C) servers set up by the cybercriminals.
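A host triage check built from the folder name, archive name and extension list reported above, as an added example that is not code from Dr. Web or from this article. The function names are hypothetical, and it assumes the copied files keep their original extensions inside the archive; the sample tree it builds is constructed.

```python
import tempfile
import zipfile
from pathlib import Path

STAGING_DIR, ARCHIVE_NAME = "PG148892HQ8", "Spam.zip"  # names from the article
TARGET_EXTS = {".txt", ".pdf", ".jpg", ".png", ".xls", ".doc", ".docx",
               ".sqlite", ".db", ".sqlite3", ".bak", ".sql", ".xml"}


def triage_staging(drive_root):
    """Look for the staging folder and archive directly under drive_root."""
    report = {"staging_dir": False, "archive": False, "entries": 0,
              "targeted": [], "error": None}
    # Compare names case-insensitively (NTFS behaviour) so a mounted image works.
    staging = next((p for p in Path(drive_root).iterdir()
                    if p.is_dir() and p.name.lower() == STAGING_DIR.lower()), None)
    if staging is None:
        return report
    report["staging_dir"] = True
    archive = next((p for p in staging.iterdir()
                    if p.is_file() and p.name.lower() == ARCHIVE_NAME.lower()), None)
    if archive is None:
        return report
    report["archive"] = True
    try:
        with zipfile.ZipFile(archive) as zf:
            names = [n for n in zf.namelist() if not n.endswith("/")]
    except zipfile.BadZipFile as exc:
        report["error"] = str(exc)  # a half-written archive is still a finding
        return report
    report["entries"] = len(names)
    report["targeted"] = sorted(n for n in names
                                if Path(n).suffix.lower() in TARGET_EXTS)
    return report


def build_constructed_sample(drive_root):
    """Create a constructed (fake) staging tree, for demonstration only."""
    staging = Path(drive_root) / STAGING_DIR
    staging.mkdir()
    with zipfile.ZipFile(staging / ARCHIVE_NAME, "w") as zf:
        for name in ("Desktop/notes.TXT", "Desktop/budget.xls", "screen.bmp"):
            zf.writestr(name, "constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # stand-in for a drive root
        build_constructed_sample(tmp)
        print(triage_staging(tmp))
```

On a live host or a mounted disk image, pass the root of the system drive to `triage_staging`; a hit on the folder alone, even without a readable archive, is worth escalating.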

Dr. Web researchers have also identified a modified version of this malware, dubbed Trojan.PWS.Stealer.23198. Gamers and YouTubers are therefore advised to avoid clicking on links that users leave in the comment section of YouTube or any other site until they are verified by the site administrator/moderator.

Remember, this is not the first time YouTube has been used for malicious purposes. In January this year, hackers used YouTube to infect users’ computers with cryptojacking malware that used their device’s computing power to mine Monero cryptocurrency.

Also, gaming mods and cheat files are nothing new to malware infection. There have been several incidents involving Grand Theft Auto (GTA) IV, GTA V, Steam, Call of Duty, Assassin’s Creed and Minecraft where hackers were found spreading infected mods on the Internet.
