These YouTube gaming videos are spreading malware


A newly discovered malicious campaign that distributes the RedLine Stealer infostealer comes with an unusual self-propagation mechanism, researchers have found.

Researchers at Kaspersky uncovered a malware bundle that logs into compromised users' YouTube accounts and uploads a video to their channels, and that video in turn distributes RedLine Stealer.

A victim, typically a PC gamer, finds a YouTube video offering cracks or cheats for one of their favorite games: FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, or Spider-Man. The video's description contains links that claim to lead to those cracks and cheats but in fact deliver a bundle of several malicious programs.

Cryptojackers, infostealers

In the bundle is RedLine Stealer, one of the most widely used infostealers today, capable of stealing passwords saved in browsers, cookies, credit card details, instant messaging conversations, and cryptocurrency wallets.

The bundle also holds a cryptojacker, essentially a cryptocurrency miner that uses the compromised endpoint's computing power to mine cryptocurrency for the attackers. Mining typically needs a capable GPU, which most gamers have.

But perhaps most interestingly, the bundle contains three malicious executables that handle self-propagation: "MakiseKurisu.exe", "download.exe", and "upload.exe". MakiseKurisu is an infostealer that collects browser cookies and stores them locally.

download.exe then fetches the fake crack video from a GitHub repository and hands it to upload.exe, which uses the stolen cookies to log into the victim's YouTube account and uploads the video. Because the cookies carry an already-authenticated session, the upload needs neither the victim's password nor a second factor.
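The practical consequence for a responder is that a copied browser cookie store is a set of live bearer credentials, and every in-scope session in it has to be revoked, not just the password changed. The script below, an added example that is not code from Kaspersky or from the campaign described here, triages a Chromium-style cookie database from a compromised host and lists the still-valid cookies for the domains you care about. The table schema is a simplified, constructed subset of Chromium's `cookies` table (real stores have more columns and encrypt the value with the OS keystore), the sample rows and cookie names are illustrative, and the domain list and fixed clock are assumptions for the demo.

```python
"""Incident-response triage for a stolen Chromium-style cookie store.

Lists the cookies scoped to chosen account domains that are still valid, so the
matching sessions can be revoked ("sign out of all devices"). A stolen cookie is
a bearer credential: a login that replays it never touches the password or a
second factor, so it stays usable until the server-side session is ended.

Constructed example. The schema is a simplified subset of Chromium's `cookies`
table; cookie names and domains below are sample data, not a catalogue of which
real cookies matter.
"""
import sqlite3
from datetime import datetime, timezone

# Chromium stores timestamps as microseconds since 1601-01-01 00:00:00 UTC.
_EPOCH_DELTA_SECONDS = 11_644_473_600  # seconds from 1601-01-01 to 1970-01-01


def chromium_to_datetime(micros: int) -> datetime:
    """Convert a Chromium/WebKit microsecond timestamp to an aware UTC datetime."""
    return datetime.fromtimestamp(micros / 1_000_000 - _EPOCH_DELTA_SECONDS, tz=timezone.utc)


def datetime_to_chromium(dt: datetime) -> int:
    """Inverse of chromium_to_datetime; used here only to build the sample data."""
    return int((dt.timestamp() + _EPOCH_DELTA_SECONDS) * 1_000_000)


def host_in_scope(host_key: str, scopes) -> bool:
    """Match a cookie's host_key against the target domains.

    Chromium writes domain cookies with a leading dot (".youtube.com") and
    host-only cookies without one ("accounts.google.com"); both must match the
    registrable domain itself or any subdomain of it.
    """
    host = host_key.lstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in scopes)


def live_sessions(conn: sqlite3.Connection, scopes, now: datetime):
    """Return in-scope cookies that have not expired as of `now`.

    expires_utc == 0 marks a session cookie with no persisted expiry; it is still
    reported because it stays valid until the server ends the session. HttpOnly
    and Secure flags do not protect a cookie read straight out of the database
    file, so they are reported for context, never used to filter.
    """
    rows = conn.execute(
        "SELECT host_key, name, expires_utc, is_secure, is_httponly FROM cookies"
    ).fetchall()
    found = []
    for host_key, name, expires_utc, is_secure, is_httponly in rows:
        if not host_in_scope(host_key, scopes):
            continue
        expires = None if expires_utc == 0 else chromium_to_datetime(expires_utc)
        if expires is not None and expires <= now:
            continue  # already expired: nothing left for an attacker to replay
        found.append({
            "host": host_key,
            "name": name,
            "expires": expires.isoformat() if expires else "session",
            "httponly": bool(is_httponly),
            "secure": bool(is_secure),
        })
    return sorted(found, key=lambda c: (c["host"], c["name"]))


def build_sample_store() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a copied Cookies file (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cookies (host_key TEXT, name TEXT, encrypted_value BLOB, "
        "expires_utc INTEGER, is_secure INTEGER, is_httponly INTEGER)"
    )
    future = datetime_to_chromium(datetime(2030, 1, 1, tzinfo=timezone.utc))
    past = datetime_to_chromium(datetime(2020, 1, 1, tzinfo=timezone.utc))
    conn.executemany(
        "INSERT INTO cookies VALUES (?, ?, ?, ?, ?, ?)",
        [
            (".youtube.com", "auth_demo_1", b"\x00", future, 1, 1),    # live, in scope
            ("accounts.google.com", "auth_demo_2", b"\x00", 0, 1, 1),  # session cookie, in scope
            (".youtube.com", "stale_demo", b"\x00", past, 1, 0),       # expired
            (".shop.example", "cart", b"\x00", future, 0, 0),          # out of scope
        ],
    )
    return conn


SAMPLE_NOW = datetime(2022, 9, 1, tzinfo=timezone.utc)  # fixed clock so the demo is repeatable


def triage_sample():
    """Run the triage over the constructed store; returns the sessions to revoke."""
    return live_sessions(build_sample_store(), ["youtube.com", "google.com"], SAMPLE_NOW)


if __name__ == "__main__":
    for c in triage_sample():
        print(f"revoke session: {c['host']} {c['name']} "
              f"(expires {c['expires']}, httponly={c['httponly']}, secure={c['secure']})")
```

Against a real store you would point `sqlite3.connect` at a copy of the browser's Cookies file (copy it first; the running browser holds a lock) and pass the domains of the accounts the victim uses. The output is the revocation list; whether a password change also ends existing sessions varies by provider, so revoke them explicitly.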

If the victim isn't an avid YouTube user, or has notifications turned off, the malicious video could sit on their channel for a long time before it is noticed and taken down.

“When the video is successfully uploaded to YouTube, upload.exe sends a message to Discord with a link to the uploaded video,” Kaspersky explains.

Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
