

Hackers are using AI-generated YouTube videos to deploy the Raccoon, RedLine, and Vidar info-stealers. The videos pose as tutorials on how to download Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and similar software for free, and some claim to show viewers how to crack software that is otherwise available only for a fee.

Researchers warn that videos whose description section contains links to info-stealing malware are on the rise.

The Distribution Method

Threat actors use SEO poisoning techniques to make the malicious videos rank high in search results. They trick victims into clicking links that are often obfuscated with URL shorteners such as bit.ly and cutt.ly.

Sometimes the links point to file-hosting platforms such as Discord, GitHub, Google Drive, MediaFire, or Telegra.ph. In some cases, clicking the link directly downloads the malicious file onto the device.
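A defensive triage helper for the link pattern described above, added here as an example and not part of the original article: it extracts the URLs from a video description and flags the URL shorteners and file-hosting domains the article names, combined with "free download / crack" lure phrases. The domain lists, lure terms, scoring weights and sample description are constructed assumptions, not data from the research.

```python
import re
from urllib.parse import urlparse

# Domains the article names as link obfuscators and hosting platforms.
# These lists are constructed for the example; extend them from your own intel.
URL_SHORTENERS = {"bit.ly", "cutt.ly"}
FILE_HOSTS = {"discord.com", "cdn.discordapp.com", "github.com",
              "drive.google.com", "mediafire.com", "telegra.ph"}
# Phrases typical of the "free software / crack" lure described in the article.
LURE_TERMS = ("free download", "crack", "keygen", "activator", "license key")

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def _domain_candidates(host):
    """Return the host plus its parent domains, e.g. www.mediafire.com -> mediafire.com."""
    host = host.lower().rstrip(".")
    parts = host.split(".")
    return {host} | {".".join(parts[i:]) for i in range(1, len(parts) - 1)}


def classify_link(url):
    """Label a URL as 'shortener', 'file_host' or 'other' by its host."""
    host = urlparse(url).hostname or ""
    candidates = _domain_candidates(host)
    if candidates & URL_SHORTENERS:
        return "shortener"
    if candidates & FILE_HOSTS:
        return "file_host"
    return "other"


def triage_description(text):
    """Score a video description: links, their categories, lure phrases, verdict."""
    links = {u: classify_link(u) for u in URL_RE.findall(text)}
    lures = [t for t in LURE_TERMS if t in text.lower()]
    score = 2 * sum(c == "shortener" for c in links.values())
    score += sum(c == "file_host" for c in links.values())
    if lures:
        score += 1
        # A lure combined with an obfuscated or hosted link is the strongest signal.
        if any(c != "other" for c in links.values()):
            score += 2
    return {"links": links, "lures": lures, "score": score,
            "verdict": "suspicious" if score >= 3 else "low"}


# Constructed sample description modelled on the lures the article describes.
SAMPLE = """Adobe Photoshop 2023 FREE DOWNLOAD + crack (100% working)
Download here: https://bit.ly/EXAMPLE-LINK
Mirror: https://www.mediafire.com/file/EXAMPLE/setup.zip"""
```

Calling `triage_description(SAMPLE)` returns both links categorised, the two lure phrases, a score of 6 and the verdict "suspicious"; a description with only a vendor documentation link scores 0.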

Top Accounts Are in Focus

The threat actors' goal is to hijack top accounts, so they use social engineering and information from data leaks to take over large, legitimate YouTube accounts. This gives them rapid access to a large audience.

To make their material more credible and appealing, they use AI-generated personas. The videos also include screen recordings and audio walkthroughs. Threat actors have also developed a method to trick the YouTube review process.

Threat actors use region-specific tags, post automated fake comments to add legitimacy, and continuously upload new videos to keep up with takedowns.


How to Avoid Becoming a Victim of Info-stealing Malware

With more than 2.6 billion monthly active users on YouTube, malicious videos have become a serious cybersecurity threat. Many of these users are unaware of the danger and can easily be tricked. To avoid falling victim to info-stealing malware, researchers recommend that organizations:

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
