A security researcher has identified YouTube videos related to bitcoin and other cryptocurrencies pushing malware on its viewers to steal their information.
According to Bleeping Computer, the YouTube videos spreading malware were first spotted by a security researcher going by Frost, who routinely monitors the video-sharing platform for cryptocurrency-related scams.
The videos are used to promote a supposed tool that can generate the private keys of other people’s bitcoin addresses, which would allow users with access to steal the BTC stored in said addresses. In reality, the tool infects victims with a Trojan when opened to steal their data.
The videos uploaded by the attacker in one example managed to get as many as 700 views each, promoting tools to steal other people’s cryptocurrency. They included links in the video’s descriptions links to downloaded the trojanized program via Mega, Google Drive, and Yandex.
#Youtube Video pushing #predator #stealer.— hxFrost (@0xFrost) November 11, 2019
AV: 1/ 70
hash: e1c89acf2bbe555687b7c98af63c891a @mal_share https://t.co/eD6Bpl6U4i@James_inthe_box @JAMESWT_MHT @BleepinComputer @P3pperP0tts @MisterCh0c @malwrhunterteam @JayTHL @JRoosen @fumik0_ pic.twitter.com/dD0VHSs4FJ
The downloaded files comes in a ZIP folder that when unzipped would contain a predatory malware called Predator the Thief. When it starts running on victims’ devices it communicates with a command and control server to download further malware and send the attackers information.
It gives the attackers a plethora of information including what’s on the victims clipboard – which could allow them to hijack cryptocurrency transactions – and lets them steal files from the victim, and record via their webcam. Users who may have been infected are advised to change the passwords of their financial accounts, chat services, and gaming services.
To stay safe, Bleeping Computer advises people to use a password manager to have a strong, unique password on every service, and to never download programs off of YouTube, particularly those promising cryptocurrency gains.