YouTube has become a common platform for hackers to attract victims through AI-generated content. According to reports, there has been an exorbitant rise in YoutTube videos containing links to potent malware capable of stealing sensitive user information. In this post, we will discuss how hackers have been misusing YouTube to spread malware and how you may stay safe from YouTube video scams.
Stay safe from YouTube Video Scams, Malware, and Phishing Videos
The growing trend of Artificial Intelligence in the media industry has given rise to many automated content-generation platforms. Such platforms are being used by businesses across the globe to improve their content creation process and deliver more engaging content to their audience. However, cybercriminals are leveraging these platforms to spread malware on Windows and Android.
CloudSEK, an Indian cybersecurity firm, has published a report that says cybercriminals have increased the use of AI-generated videos to trick people into installing stealer malware such as Vidar, RedLine, and Raccoon on their devices. Once installed, the malware steals confidential information (such as credit card details, passwords, bank account numbers, etc.) from a user’s computer and sends it to the hacker’s device.
The videos are being uploaded in different languages on YouTube; though they may appear on other social media platforms as well, including Facebook, Twitter, and Instagram. Cybercriminals use SEO optimization to ensure that the video appears on top of the search results and add fake comments to the videos to mislead users into believing that the download is legitimate. They also use data leaks and stealer logs to control existing YouTube accounts.
How do these YouTube videos trick users?
These videos pretend to be tutorials on installing pirated versions of paid software such as Photoshop, AutoCAD, Premiere Pro, etc., making the victims fall for such scams. The videos were initially based on screen recordings or written instructions for downloading a cracked version of the software, but as more AI tools came into existence, hackers have now resorted to using virtual people in their videos, which looks more appealing and convincing to the viewer.
They guide the viewer on getting free access to paid software, and in turn, promote information stealers. Information stealer, also known as infostealer, is a type of malicious software that steals sensitive information from a computer. Viewers are enticed to download the cracked software using the link given in the video description. Once the software is installed, infostealer gains access to the user’s device and steals confidential information for illegal use.
What information can YouTube Infostealers collect?
Cybercriminals distribute infostealers via YouTube tutorials, phishing emails, fake websites, social media posts, etc., to target a variety of user information, including but not limited to:
- Bowser history, cookies, auto-fills, saved passwords
- Crypto wallet credentials and data
- Telegram credentials and data
- System information (OS/Hardware/Software)
Infostealer steals this information and packs it into an archive, known as log. This log enables the cybercriminal to take full control over a victim’s online identity and gain direct access to any of his accounts (email, gaming, social networking, corporate, etc.).
YouTube Account Takeover by Hackers
Cybercriminals take over popular YouTube channels to quickly reach a larger audience. By the time the account owner reports the takeover and gains back access to his account, the attacker has already made many people fall for his prey. Cybercriminals also takeover less popular YouTube channels to ensure that the download remains available for a significant period of time (casual users may not bother to report the takeover or may not even notice the takeover).
How to avoid YouTube phishing scams?
To prevent your personal data from being compromised, it is important to stay informed about these ongoing scams. Awareness and diligence are the best ways to guard yourself against infostealers.
- Read news about new phishing techniques.
- Avoid falling for free versions of software that are exclusively available to paid users.
- Never click on download links from unknown sources.
- Use Google Search to verify a domain’s authenticity.
- Regularly update your security software.
- Use desktop and network firewalls.
- Don’t disclose your personal information on untrusted websites.
- Don’t respond to emails that urge you to take immediate action.
- Change your passwords regularly.
- Install an anti-phishing toolbar on your browser.
- Don’t click on the ‘Cancel’ button to close a pop-up. This may lead you to a phishing site. Instead, click on the cross (x) icon.
- In event of a malware attack, immediately disconnect your device from all network connections and take it to an expert for malicious software removal.
This is how cybercriminals use YouTube videos and other phishing techniques to spread malicious software and how you may avoid falling for such online phishing scams.
I hope you find this post useful.
TIP: Subscribe to our YouTube Channel to stay in touch with the latest in the world of computing.
Can you get scammed on YouTube?
YouTube doesn’t allow cyber criminals to have active accounts for the long term; however, they may take over existing YouTube channels to spread malicious software through AI-generated videos. These videos simulate tutorial videos for installing cracked software whose link is given in the description. If you click on this link, you may infect your PC with malware.
Read: Avoid online scams and know when to trust a website
When you repost a YouTube video, what happens?
You can repost a YouTube video only if it falls under the Creative Common License. If the owner chooses a standard YouTube license, the video can not be reproduced or redistributed. When you reupload such a YouTube video, the upload may be flagged as duplicate content, which may result in the removal of your channel from YouTube.
Read: How to prevent Malware on Windows.
Where to report YouTube scams?
You can report YouTube scams directly on YouTube. Log in to your YouTube account and go to the video you want to report. Click on the three-dots icon below the video player (next to the channel’s profile icon) and select Report. Select Spam or misleading from reporting options. Select Scams or fraud as a suboption. Then click on Report to report the scam.
Read: How do I know if my computer has been hacked and what to do next?
Can YouTube give you a virus?
YouTube videos cannot spread viruses, so you cannot get a virus just by watching or playing a video. However, cybercriminals may trick you into downloading malicious software using the links available in the video description. These malware can easily infect your PC and steal sensitive user information.