
YouTube videos see up to 300% spike in malware for data theft: Report

According to cybersecurity firm CloudSEK, these videos, which have increased by 200-300 percent month-on-month since November 2022, often pose as tutorials for downloading cracked versions of licensed software like Adobe Photoshop and AutoCAD.


By Pihu Yadav  Mar 13, 2023 6:10:19 PM IST (Published)


YouTube is the most popular platform for watching videos and has over 122 million daily active users, according to Global Media Insight. The website also reports that about a billion hours of content is consumed on the platform across the globe every day and India has the largest YouTube user population, with 467 million active users.

Leveraging a platform with this kind of global reach, threat actors have reportedly increased the number of YouTube videos containing links to stealer malware.


According to cybersecurity firm CloudSEK, these videos, which have increased by 200-300 percent month-on-month since November 2022, often pose as tutorials for downloading cracked versions of licensed software like Adobe Photoshop and AutoCAD. Infostealers, the malicious software spread through these videos, are designed to steal sensitive information like passwords and bank account numbers from computers.

To spread this malware, threat actors seem to be employing various tactics, including screen recordings and audio walkthroughs. “AI-generated videos featuring synthetic personas are on the rise, used in various languages and platforms for recruitment, education, and promotional purposes. Unfortunately, threat actors have also adopted this tactic,” the firm said in a statement.

CloudSEK said it has observed a 2-3 times month-on-month increase in the number of videos spreading stealer malware on the platform. Threat actors use various tactics to deceive the platform's algorithm and review processes, such as region-specific tags, fake comments, and frequent uploads to compensate for deleted or taken-down videos.

“The threat of infostealers is rapidly evolving and becoming more sophisticated, leaving users vulnerable to devastating consequences. In a concerning trend, these threat actors are now utilising AI-generated videos to amplify their reach, and YouTube has become a convenient platform for their distribution. As a result, it is absolutely critical that users exercise extreme caution when downloading software and avoid any suspicious links or videos at all costs,” said Pavan Karthick, a CloudSEK researcher.

CloudSEK research also revealed that 5-10 crack software download videos with malicious links are uploaded to YouTube every hour, making it difficult for the algorithm to identify and remove them.

To address these constantly evolving threats, CloudSEK proposed that organisations adopt adaptive threat monitoring and conduct awareness campaigns to equip users with the necessary skills to detect and prevent potential threats. Users should also enable multi-factor authentication, refrain from clicking on unknown links and emails, and avoid using pirated software.
