Cakra News

YouTube videos containing malware are on the rise, here is how you can stay safe

Cybercriminals are exploiting video platform YouTube to spread stealer malware. Read on to know what is happening and how you can stay safe from such harmful downloads.

In Short

  • YouTube is being exploited by cybercriminals to spread malware through certain links.
  • There has been a 200-300 percent month-on-month increase in YouTube videos containing links to stealer malware.
  • You must avoid clicking on any unauthorised or suspicious links.

By Divyanshi Sharma

YouTube is generally the go-to place for tutorial videos, gaming walkthroughs, cooking tips, tech tips, academic tutorials, and so on. The platform is popular across the globe and has over 2.5 billion monthly users, a report by cyber intelligence firm CloudSEK suggests. However, did you know that in the last couple of months, the platform has been exploited by cybercriminals to spread malware through certain links? Read on to find out what has been happening and how you can ensure that you are safe from being exposed to such harmful links.

Rise in YouTube videos containing malware

The report by CloudSEK highlights that since November 2022, there has been a 200-300 percent month-on-month increase in YouTube videos that contain links to stealer malware such as Vidar, RedLine, and Raccoon. The links appear in the descriptions of these videos, which lure users by posing as tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products. In reality, these licensed products are only available to users who have paid for them.

Generally, a tutorial on how to download and install a particular piece of software consists of a video made via screen-recording apps combined with an audio walkthrough by the creator. Many of us have found such videos incredibly helpful when we were stuck, unable to download or install a particular program. However, there has now been an increase in the use of AI-generated videos, made on platforms such as Synthesia and D-ID, in the aforementioned YouTube videos. Threat actors (cybercriminals and other attackers) are taking advantage of AI-generated video and using it to create clips that look like tutorials but are an attempt to spread malware.

“It is well known that videos featuring humans, especially those with certain facial features, appear more familiar and trustworthy. Hence, there has been a recent trend of videos featuring AI-generated personas, across languages and platforms (Twitter, Youtube, Instagram), providing recruitment details, educational training, promotional material, etc. And threat actors have also now adopted this tactic,” the CloudSEK report states.

The report also mentions that YouTube’s regulations and review processes make it hard for such cybercriminals to have long-term accounts on the platform. In most cases, once a video affects several users, it is taken down from YouTube and the account is banned. However, several users would have already been impacted by then and threat actors are constantly on the lookout for ‘new ways to circumvent the platform’s algorithm and review process’.

“We have observed that every hour 5-10 crack software download videos, containing malicious links, are uploaded to Youtube. This frequent addition of videos compensates for the videos that are deleted or taken down and ensures that at any given time, if a user searches for a tutorial on how to download a cracked software, these malicious videos will be available,” the report states.

The threat actors also reportedly target accounts of other users and use them to upload such malicious videos in order to amplify their reach.

“There have been several reports and complaints regarding Youtube account takeovers. The threat actors immediately upload 5-6 videos to the account,” the report states.

What are infostealers?

Infostealers refer to malicious software that has been specifically created to extract sensitive information from computers. These programs can extract passwords, bank account numbers, credit card information, and other confidential data. They are typically disseminated through malicious software downloads, fake websites, and YouTube tutorials. After the software has been installed on a system, it will extract information and then transmit it to the attacker’s Command and Control server.

How can you stay safe?

You can stay safe from such videos by avoiding clicking on any unauthorised or suspicious links. The links are usually a part of the video’s description and will claim to take you to the download directly, hence promising to save you the hassle of going to the original website of the concerned software. It is always advised to download and install software from its authentic website only.

Also, be wary of the comments section of a YouTube video. At times, cybercriminals add malware links to the comments of various YouTube videos. One click on such a link might expose you to malware. Additionally, if you absolutely must use the link mentioned in a YouTube video’s description, do run it through a URL scanner first for malware detection.
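
The advice above, sketched as an added example (not code from the article or the CloudSEK report): a small Python check that pulls links out of a video description and flags any whose host is not an official vendor domain, including lookalike hosts. The allowlist, the function names and the sample description are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official vendor domains for the products the article names.
OFFICIAL_DOMAINS = ("adobe.com", "autodesk.com")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify_link(url):
    """Return (verdict, reason) for a single URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = parts.username
    except ValueError:
        return ("suspicious", "malformed URL")
    if not host:
        return ("suspicious", "no host")
    if parts.scheme.lower() != "https":
        return ("suspicious", "not https")
    # "https://adobe.com@files.example.net/" really points at files.example.net.
    if userinfo is not None:
        return ("suspicious", "userinfo before host")
    # Punycode labels can render as lookalike characters in a browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "punycode host")
    for domain in OFFICIAL_DOMAINS:
        # Exact match or true subdomain only; "adobe.com.evil.example" fails.
        if host == domain or host.endswith("." + domain):
            return ("official", domain)
    return ("suspicious", "host not on allowlist")

def review_description(text):
    """Classify every http(s) link found in a video description."""
    urls = [u.rstrip(".,;") for u in URL_RE.findall(text)]
    return [(u,) + classify_link(u) for u in urls]

# Constructed sample description; every non-vendor domain here is a placeholder.
SAMPLE = """Photoshop full version free download 2023
Direct link: https://short.example/a1b2c3
Mirror: https://adobe.com.free-crack.example/ps-setup.rar
Mirror 2: https://adobe.com@files.example.net/setup.zip
Official site: https://www.adobe.com/products/photoshop.html
"""

if __name__ == "__main__":
    for url, verdict, reason in review_description(SAMPLE):
        print(f"{verdict:10} {reason:24} {url}")
```

A link that passes this check has only been shown to point at a vendor domain; the URL scanner step mentioned above still applies to anything you intend to download.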