The comments section of the video-sharing platform is being flooded with malicious links. The links are usually posted on gaming videos in order to target gamers.
YouTube is popularly known as one of the best, if not the best, video-sharing platforms on the internet. The Google-owned site caters to diverse groups and to all age groups. However, being on the internet has now made it a target for criminals, as they look for nefarious ways to make money.
The popular video-sharing website is now being targeted by cyber criminals who want to spread their malware. Hackers have been spreading their malicious program through the comments section of videos on the site. The program, called Trojan.PWS.Stealer.23012, is reportedly being shared in the comments section. This comes a few months after a cryptocurrency miner was seen spreading on the website too.
What does the Trojan do?
The malicious software is reportedly designed to steal the user's information. It takes any personal information and sensitive data stored in the web browser. This includes data such as email addresses, social media accounts, and various login credentials that users might have saved in their browsers. Additionally, the malware is reportedly able to take screenshots of the desktop while the user is using their computer.
The Trojan is also said to target files saved on the computer's desktop. These include files with the extensions .txt, .pdf, .jpg, .png, .xls, .doc, .docx, .sqlite, .db, .sqlite3, .bak, .sql, and .xml. The Trojan is also said to add stolen login information and any such files to a Spam.zip archive. After saving the files in a remote directory, the malware then sends them to the command and control center.
The collection of such data puts the user's personal data at risk, and the malware's actions will lead to identity theft and privacy issues. Therefore, users are encouraged not to hurriedly click on any links they see in the comments section. Checking the link and the person who posted it first is advisable. Many dubious links are easy to spot because they usually talk about illegal activities, or shady ones at best.
The Trojan was mostly seen on videos frequented by gamers. The malware was discovered by Russian researchers, who noticed that it mostly appeared on videos explaining how to hack or cheat in a game. The criminals hope that the user will click on the link, believing it leads to a website that can help them win a game.
The links, however, lead to Yandex Disk servers, a Russian cloud service. The users are further tricked at this level too. The criminals' site also features videos and comments from other users claiming that the site works. All of this is meant to create an aura of credibility so that the user thinks it is legitimate. Once the user goes through with it, the Trojan is able to take data from Google Chrome, Vivaldi and various other web browsers.
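The staging behaviour described above can be turned into a triage check for archives found on a suspect machine. The following is an added example, not code from the researchers or from the original article; the function name, the 80% threshold and the minimum of three members are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the article lists as targeted on the victim's desktop.
TARGETED_EXTS = {".txt", ".pdf", ".jpg", ".png", ".xls", ".doc", ".docx",
                 ".sqlite", ".db", ".sqlite3", ".bak", ".sql", ".xml"}
ARCHIVE_NAME = "spam.zip"  # archive name given in the article, compared case-insensitively

def triage_archive(name, data, min_ratio=0.8):
    """Score one zip archive (path + raw bytes) against the staging pattern.

    min_ratio and the 3-member minimum are assumed thresholds, not article values.
    """
    base = PurePosixPath(name.replace("\\", "/")).name.lower()
    result = {"name_match": base == ARCHIVE_NAME, "members": 0,
              "targeted": 0, "suspicious": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            files = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        # Unreadable archive: fall back to the file name alone.
        result["error"] = "not a valid zip"
        result["suspicious"] = result["name_match"]
        return result
    result["members"] = len(files)
    result["targeted"] = sum(
        PurePosixPath(f).suffix.lower() in TARGETED_EXTS for f in files)
    ratio = result["targeted"] / len(files) if files else 0.0
    # Flag on the known name, or on an archive made up mostly of targeted types.
    result["suspicious"] = result["name_match"] or (
        len(files) >= 3 and ratio >= min_ratio)
    return result

def _make_zip(names):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample")
    return buf.getvalue()

# Constructed samples: one resembling the staged archive, one ordinary archive.
STAGED = _make_zip(["Desktop/passwords.txt", "Desktop/scan.pdf",
                    "Desktop/wallet.db", "Desktop/photo.JPG"])
BENIGN = _make_zip(["project/main.py", "project/README.md", "project/logo.png"])

if __name__ == "__main__":
    for label, blob in [("staging\\Spam.zip", STAGED), ("src.zip", BENIGN)]:
        print(label, triage_archive(label, blob))
```

The content heuristic also matches ordinary document backups, so a hit is a reason to look closer at the host, not a verdict.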
Fortunately, it seems like Google has already removed the malware from the comments.