Cybercriminals Are Now Relying On YouTube Videos To Promote Dangerous Malware

Security experts have issued a new alert about YouTube and how cybercriminals are using the platform to reach their targets.

The threat involves hackers who are promoting fake bitcoin software through YouTube videos. So far it has been working, as more and more users are getting tricked into installing the bitcoin mining program, unaware of the threat waiting on the other end.

The news comes from researchers at Cyble’s Labs, who discovered up to 80 videos on the popular platform. Most of the videos had just a few viewers, but they all had the same owner.

The video content appears to be a basic guide to how the mining software works, which tricks users into downloading it. In reality, it is just malware.


The installation link is in the video's description box. The file is password protected too, which is meant to reassure users that it is legitimate and not a fake. But the tricks do not end there. There is even a link that purports to show how clean and virus free the file is, along with a warning that some programs could flag it as dangerous, which in reality it is.

But what about the malware itself? It has been dubbed Pennywise, and it can steal all sorts of data from a system, including sensitive details and other information that hackers could use to get into users’ data and financial accounts.

At the same time, the malware gains access to cookies and some encryption codes, and theft of Telegram sessions has been reported as well. It also captures screenshots along the way.

The malware can also invade crypto wallets, crypto-themed browsers, and other places related to monetary exchange. As you can see, it is very detail-oriented and thorough in how it works.

After stealing all the data it needs, the malware compresses that information into one file. The file is then forwarded to the hackers’ server, which extracts the data, after which the malware self-destructs.

Lastly, the malware analyzes its environment to gauge how well protected the system it is running on is. If it feels threatened, it swiftly aborts all actions.

There have been reports that its operators live in Russia, Kazakhstan, and Belarus, but nothing has been confirmed yet.
