Threat actors are resorting to YouTube videos featuring content related to cracked software in order to lure users into downloading an information stealer malware known as Lumma.
“These YouTube videos typically feature content related to cracked applications, presenting users with related installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly,” Fortinet FortiGuard Labs researcher Cara Lin said in a Monday analysis.
This is not the first time pirated software videos on YouTube have emerged as an effective bait for stealer malware. Previously, similar attack chains have been observed delivering stealers, clippers, and crypto miner malware.
In doing so, threat actors can leverage the compromised hosts not only for data and cryptocurrency theft, but also abuse their resources for illicit mining.
In the latest attack sequence documented by Fortinet, users searching for cracked versions of legitimate video editing tools like Vegas Pro on YouTube are prompted to click a link in the video's description, leading to the download of a bogus installer hosted on MediaFire.
The ZIP installer, once unpacked, features a Windows shortcut (LNK) masquerading as a setup file that downloads a .NET loader from a GitHub repository, which, in turn, loads the stealer payload, but not before performing a series of anti-virtual machine and anti-debugging checks.
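Defensive triage for the lure archive described above, added here as an example that is not part of the original article or of Fortinet's research: it opens a ZIP, identifies shortcut (.LNK) files by their header magic rather than by file name, flags shortcuts named like installers, and extracts any embedded URLs, tagging the hosts the article names (TinyURL, Cuttly, GitHub, MediaFire). The sample archive is constructed inline with a synthetic minimal LNK header and placeholder URLs, not a real campaign file.

```python
import io
import re
import struct
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the ShellLink CLSID
# {00021401-0000-0000-C000-000000000046} in its little-endian on-disk layout.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
INSTALLER_WORDS = ("setup", "install", "crack", "keygen", "patch")
# Hosts named in the article's attack chain (URL shorteners and file hosting used by the lure).
SUSPECT_HOSTS = ("tinyurl.com", "cutt.ly", "cuttly", "github.com", "mediafire.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_strings(data: bytes, min_len: int = 6):
    """Pull printable ASCII and UTF-16LE runs (LNK argument fields are stored as UTF-16LE)."""
    found = [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append(m.group().decode("utf-16-le"))
    return found


def triage_archive(zip_bytes: bytes):
    """Return findings for shortcut files posing as installers and URLs embedded in them."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            if not data.startswith(LNK_MAGIC):  # identify shortcuts by content, not extension
                continue
            if any(w in info.filename.lower() for w in INSTALLER_WORDS):
                findings.append(f"{info.filename}: shortcut masquerading as installer")
            for s in extract_strings(data):
                for url in URL_RE.findall(s):
                    tag = "suspect-host" if any(h in url.lower() for h in SUSPECT_HOSTS) else "url"
                    findings.append(f"{info.filename}: {tag} {url}")
    return findings


def build_sample_zip() -> bytes:
    """Constructed lure archive: a synthetic minimal LNK with placeholder URLs, not a real sample."""
    args = ("https://tinyurl.com/PLACEHOLDER-lure "
            "https://github.com/EXAMPLE-PLACEHOLDER/loader/raw/main/loader.bin")
    lnk = LNK_MAGIC + b"\x00" * 40 + args.encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("VegasPro_Setup.lnk", lnk)
        zf.writestr("readme.txt", "Run Setup to install")
    return buf.getvalue()
```

Calling `triage_archive(build_sample_zip())` yields one masquerade finding and one suspect-host finding per embedded URL; on a real archive the same checks apply to every member that carries the LNK header.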
Lumma Stealer, written in C and offered for sale on underground forums since late 2022, is capable of harvesting and exfiltrating sensitive information to an actor-controlled server.
The development comes as Bitdefender warned of stream-jacking attacks on YouTube in which cybercriminals take over high-profile accounts via phishing attacks that deploy the RedLine Stealer malware to siphon their credentials and session cookies, and ultimately promote various crypto scams.
It also follows the discovery of an 11-month-old AsyncRAT campaign that employs phishing lures to download an obfuscated JavaScript file which is then used to drop the remote access trojan.
“The victims and their companies are carefully selected to broaden the impact of the campaign,” AT&T Alien Labs researcher Fernando Martinez said. “Some of the identified targets manage critical infrastructure in the U.S.”
Some sections of this article are sourced from:
thehackernews.com