Watch out! Those YouTube videos might contain malware

YouTube Malware

Cybercrime is growing quickly as the digital world evolves and expands. According to security experts, cybercriminals have now started using YouTube videos to distribute malware.

PennyWise malware

Cyble Research Labs’ researchers recently discovered more than 80 videos with relatively few viewers, all belonging to the same user. The videos demonstrate how a piece of bitcoin mining software operates, in an apparent attempt to induce viewers to download it. The download link is in the video’s description and points to a password-protected archive, which is meant to make the download look legitimate. The downloaded archive also contains a link to VirusTotal that indicates the file is “clean,” along with a warning that some antivirus programs might give a false positive alert. But the file is not clean.
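A triage heuristic for the lure pattern described above, as an added example that is not from the article or from Cyble's research: it flags a video description or bundled readme that pairs an archive password with reassurance about antivirus results. The regular expressions, function names and sample texts are assumptions constructed for illustration.

```python
import re

# Lure markers named in the article. The patterns are assumptions for this
# example and will not cover every wording.
SIGNALS = {
    "archive": re.compile(r"\.(?:zip|rar|7z)\b|\bpassword[- ]protected\b", re.I),
    "archive_password": re.compile(r"\b(?:pass(?:word)?|pw)\s*[:=]\s*\S+", re.I),
    "virustotal_link": re.compile(r"https?://(?:www\.)?virustotal\.com/\S*", re.I),
    "av_excuse": re.compile(
        r"false[\s-]+positive|(?:disable|turn\s+off|pause)\s+(?:your\s+)?"
        r"(?:anti[\s-]?virus|av|defender)", re.I),
    "miner_lure": re.compile(r"\b(?:bitcoin|btc|crypto)\w*\s+min(?:er|ing)\b", re.I),
}

def lure_signals(text):
    """Return the names of the lure markers found in text, in SIGNALS order."""
    return [name for name, pattern in SIGNALS.items() if pattern.search(text)]

def is_suspicious(text):
    """Flag only the combination the article describes: a password handed out
    with the archive plus reassurance (VirusTotal link or false-positive note).
    A single marker, such as the mining topic alone, is not enough."""
    hits = set(lure_signals(text))
    reassured = bool(hits & {"virustotal_link", "av_excuse"})
    return "archive_password" in hits and reassured

# Constructed sample texts (not taken from any real video or archive).
LURE = """Free BTC miner 2022 - easy bitcoin mining on any PC
Download: https://files.example/miner.rar
Password: 1234
Scan: https://www.virustotal.com/gui/file/PLACEHOLDER
Some antivirus may show a false positive, turn off your antivirus first."""

EXPLAINER = """How bitcoin mining works, explained with diagrams.
Slides: https://example.org/slides.pdf"""

VENDOR = """Release 2.1 installer: https://example.org/setup.zip
Scan report: https://www.virustotal.com/gui/file/PLACEHOLDER"""

if __name__ == "__main__":
    for label, text in (("lure", LURE), ("explainer", EXPLAINER), ("vendor", VENDOR)):
        print(label, is_suspicious(text), lure_signals(text))
```
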


The malware, called PennyWise, steals data such as system information, login credentials, cookies, encryption keys, and master passwords. It also steals Discord tokens and Telegram sessions, taking screenshots all along. In addition, it scans the victims’ devices for cryptocurrency wallets, cold storage wallet data, and crypto-related browser add-ons.

After collecting all this data, PennyWise compresses it into a single file and sends it to a server under the attackers’ control. After that, PennyWise destroys itself. The malware also checks its surroundings to make sure it is not operating in a defended or protected environment: if it finds itself in a sandbox, it immediately stops all its actions, and if it discovers that an analysis tool is running on the targeted device, it stops its attack.

Finally, the researchers found that PennyWise stops operating if it discovers that the victim’s endpoint is in one of a set of selected countries. Those countries include Russia, Ukraine, Belarus, and Kazakhstan. This gives a hint of who might be affiliated with the operators of this malware, which attacks via YouTube videos.

Prelo Con

By prelo
