Hackers are abusing AI on YouTube to spread dangerous malware, research firm finds

March 27, 2025

YouTube users upload thousands of new videos every day, covering entertainment, teaching, records and other content. Even if you do not watch TV channels, you probably watch at least some videos on YouTube. Many videos on YouTube are made with AI, but many unscrupulous people are also riding the AI bandwagon and quietly placing malware download links on the platform. Don't fall for it.


As AI becomes popular across multiple platforms, its use for malicious profit is also increasing. Research firm CloudSEK observed that since November 2022, the number of YouTube videos with links in their descriptions to the sources of popular malware such as Vidar, RedLine and Raccoon has increased by 200 to 300%. These videos often lure users with the theme of how to obtain cracks for software that requires a paid license key; products such as Photoshop, Premiere Pro, Autodesk 3ds Max and AutoCAD are not immune.

Image source: CloudSEK

Usually these videos use screen recording or audio to guide viewers through the steps of downloading and installing software. However, the number of these videos that are AI-generated using Synthesia and D-ID has increased. Videos featuring a human presenter, especially one with certain facial features, are known to make people lower their guard and increase trust, so videos featuring AI-generated characters have recently become more common across languages and platforms (Twitter, YouTube and Instagram), where they are mainly used for talent recruitment, education and training, and publicity and marketing. Now this strategy is also used by malicious people.

In the description field, unscrupulous people place misleading malicious links that lead you to click and download information-stealing malware. After installation, it can access various private user data, including passwords, credit card information, bank account numbers, etc. This data is then uploaded to the hacker's command and control server. Other items that may be stolen include browser data, password data, Telegram conversation content, program files (such as .txt) and system information (such as IP addresses).


CloudSEK pointed out that this growth emerged alongside the AI revolution, from November 2022 until early February 2023, because hackers used ChatGPT to generate malware code. The hackers who steal personal data also work with other threat actors (often called traffers), recruiting partners to find and share information about potential victims through black markets, forums and Telegram channels. Traffers usually provide fake websites, phishing emails, YouTube tutorials or social media posts, to which the developers can attach their malware.


On YouTube, however, they hack accounts and upload multiple videos at once to attract the attention of viewers who follow the original author. Unscrupulous people hack and take over both popular accounts and accounts that are not updated frequently, for different purposes. If they take over an account with more than 100,000 subscribers and upload five or six videos with malware, they are bound to get a few clicks before the owner regains control of the account. Viewers may identify the videos as malicious and report them to YouTube, which will eventually remove them. Accounts that are not updated frequently may have been exploited long ago, and the channel owner may not know about it for some time. Additionally, these hackers add fake comments and use URL shorteners such as bit.ly and cutt.ly to make the download address containing the virus look more attractive.
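For channel owners or moderators who want to check video metadata for the pattern described above (crack-themed lures for paid software, shortened links in the description, several uploads at once), the following is an added example, not code from CloudSEK or from the original article. The keyword list, the burst threshold of five uploads in 24 hours, the field names and the sample records are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Indicators named in the article; word list and thresholds are assumptions.
SHORTENERS = {"bit.ly", "cutt.ly"}
PRODUCTS = ("photoshop", "premiere pro", "3ds max", "autocad")
CRACK_WORDS = re.compile(r"\b(crack(ed)?|keygen|license key)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>()]+", re.I)
BURST_COUNT, BURST_WINDOW = 5, timedelta(hours=24)

def shortener_links(description):
    """Return description URLs whose host is a known shortener."""
    return [u for u in URL_RE.findall(description)
            if (urlparse(u).hostname or "").lower() in SHORTENERS]

def burst_channels(videos):
    """Channels with BURST_COUNT or more uploads inside one BURST_WINDOW."""
    by_channel = defaultdict(list)
    for v in videos:
        by_channel[v["channel"]].append(datetime.fromisoformat(v["uploaded"]))
    # Pair each upload with the one BURST_COUNT - 1 positions later.
    return {c for c, t in by_channel.items()
            if any(b - a <= BURST_WINDOW
                   for a, b in zip(sorted(t), sorted(t)[BURST_COUNT - 1:]))}

def triage(videos):
    """Map video id -> sorted indicator names that fired for that video."""
    bursts, report = burst_channels(videos), {}
    for v in videos:
        text = f'{v["title"]} {v["description"]}'.lower()
        flags = set()
        if CRACK_WORDS.search(text) and any(p in text for p in PRODUCTS):
            flags.add("crack_lure")
        if shortener_links(v["description"]):
            flags.add("shortened_link")
        if v["channel"] in bursts:
            flags.add("upload_burst")
        if flags:
            report[v["id"]] = sorted(flags)
    return report

# Constructed sample metadata (not real videos or links).
SAMPLE = [
    {"id": f"v{i}", "channel": "chanA", "uploaded": f"2023-02-01T10:0{i}:00",
     "title": "Photoshop crack 2023", "description": "Get it: https://bit.ly/EXAMPLE"}
    for i in range(5)
] + [{"id": "v9", "channel": "chanB", "uploaded": "2023-02-01T09:00:00",
      "title": "AutoCAD basics", "description": "Notes: https://example.com/guide"}]
```

A single indicator is weak on its own, since legitimate channels also use shorteners; the combination of all three on a channel that was previously quiet is the signal worth reviewing.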