We’ve seen examples of malware and spyware hiding inside harmless-looking Google Play Store apps. Trojans can pretty much hide anywhere, not just app stores, and now that includes captions or subtitles for YouTube videos.
A new report by Korean security specialists Asec describes malware that aims to steal users’ passwords and links, and that spreads by association with videos claiming to provide hacks and cheats for games.
The malware, dubbed RedLine, is an information-stealing trojan that targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. First observed back in March 2020, it has remained the most prominent cyber threat impacting users worldwide ever since. It is a commodity information-stealer that can be purchased for roughly $200 on cyber-crime forums and deployed easily, without requiring much background knowledge or effort.
Asec came across links to download RedLine in the caption for a YouTube video that appeared to offer hacks for the video game Valorant. According to Bleeping Computer, it’s not even that hard for bad links of this sort to sneak onto the platform because threat actors find it easy to bypass YouTube’s new content submission reviews or even create new accounts when reported and blocked.
Asec also listed all the data this spyware can steal, including passwords, credit card numbers, all the information saved for AutoFill forms, as well as bookmarks and cookies. RedLine can even drain crypto accounts, and it targets wallets like Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, and Jaxx. Researchers shared that RedLine uses Discord to send information back to the malware’s command and control system, a comparatively new method.
While delivering malicious software via YouTube content isn’t exactly new, researchers report it still isn’t quite as common as methods like phishing emails and SMS. The Infosec Institute analysis of RedLine itself indicates that the malware looks set to keep plaguing more and more browsers and stealing otherwise classified information. So what can you do to save your information? It might seem self-evident, but whatever you do, don’t trust random links popping up in YouTube captions or comments.