
YouTube Hacking Scheme Puts Billions at Risk
By Movieguide® Contributor
YouTube’s 2.5 billion users are at risk of this latest hacking scheme.
The hack involves deceptive links that install invasive malware onto the computer when clicked on. Forbes shared an example of how it works:
An attacker lures victims in with a YouTube video posing as a tutorial, in this case for how to get a free download of cracked Adobe Lightroom software. The first comment to the video contains a link, which, in turn, opens yet another YouTube post that contains the actual malicious link for the fake installer download. This link is found on a legitimate large file-hosting site “as another layer to obscure its download further and evade detection.”
Hackers rely on the trust users have in sites like YouTube to spread the fake software installers via links for pirated movies, Forbes wrote. The malware is credential stealing.
“…these deceitful actors create a pretense of offering legitimate software installation tutorials to entice viewers to click on malicious links in the video descriptions or comments,” analysts from Trend Micro said.
READ MORE: YOUTUBE HELPS CREATORS AND CELEBRITIES COMBAT AI DEEPFAKES
These hacks use a number of tactics to evade detection:
- Utilization of large file size in order to bypass defensive sandbox capabilities.
- Password-protected zip files impede content scanning, and these also serve to make investigations more complicated if the password is not available.
- By uploading the files to known media-sharing sites, antivirus protections will often “only detect if the exact link is discovered before the download.”
- The hacking campaign also employs legitimate files using dynamic link library side loading or process injection in order to execute the malicious credential-stealing payload.
Malware can “steal sensitive information from your computer, gradually slow down your computer, or even send fake emails from your email account without your knowledge,” Google says. The company has a few tips to keep you safe:
- Keep your computer and software updated
- Use a non-administrator account whenever possible
- Think twice before clicking links or downloading anything
- Be careful about opening email attachments or images
- Don’t trust pop-up windows that ask you to download software
- Limit your file-sharing
- Use antivirus software
READ MORE: YOUTUBE COULD BE HARMING YOUR KIDS MORE THAN YOU REALIZE