Security researchers have discovered a new malware attack that’s designed to hijack a Windows PC and then spread itself through malicious links posted from the victim’s YouTube account.
The attack deploys via malicious file bundles promoted on YouTube videos, according to the antivirus provider Kaspersky. The videos claim to offer ways to hack and cheat at several popular games such as DayZ, Forza Horizon 5, and Dying Light 2, among others.
To gain access to the cheats, the videos entice the user to download a file bundle—usually hosted via the telegra.ph domain or on mediafire.com—which can be found in the video’s description. But in reality, victims are downloading a self-extracting RAR archive, which includes a password-stealing program called Redline.
“The stealer can plunder usernames, passwords, cookies, bank card details and autofill data from Chromium- and Gecko-based browsers,” Kaspersky researchers warned. In addition, Redline can enable the hackers to hijack a PC to install other programs and execute commands on a browser.
But perhaps the attack’s most interesting ability is how it can self-propagate. Kaspersky noted that several files in the malicious package are also designed to re-post videos on the victim’s YouTube account to spread the attack again.
According to Kaspersky, a program in the malicious bundle called MakiseKurisu.exe is designed to extract internet cookies from the victim’s browser to gain access to the victim’s YouTube account. A pair of other programs will then fetch and re-post videos to the victim's YouTube account in an effort to spread the attack to more users.
The technique underscores how hackers can exploit supposed game cheats to trick