YouTube videos made with AI are spreading malware

News
By published

It goes without saying, but don't try and download pirated software

Man using the YouTube app on iPhone
(Image credit: Shutterstock / mrmohock)

YouTube has seen a recent surge in the number of videos containing harmful links to infostealers in their descriptions, with many using AI-generated personas to fool viewers into trusting them. 

Cyber intelligence firm CloudSEK reports that, since November 2022, there has been a massive 200-300% increase in content uploaded to the video hosting website that dupes viewers into installing well-known malware such as Vidar, RedLine and Raccoon. 

The videos pretend to be tutorials showing how to download illegal copies of popular paid-for design software for free, such as Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, and AutoCAD. 

Appearing trustworthy

The tutorial videos have been growing in sophistication, from screen recordings and audio-only walkthroughs, to now using AI to create a realistic depiction of a person guiding the viewer through the process, all in an attempt to appear more trustworthy.

CloudSEK notes that AI-generated videos in general are on the rise, used for legitimate educational, recruitment and promotional purposes, but now for nefarious ends as well.

Infostealers, as the name suggests, penetrate a user's system and steal valuable personal information, such as passwords and payment details, and are spread via malicious downloads and links, such as those in the description of videos as in this case. This data is then uploaded to the threat actor's server. 

CloudSEK address the fact that,with 2.5 billion users a month, YouTube is a prime target for threat actors who, in order to eschew the platform's automated content review process, work to deceive the algorithm in various ways.

These include using region-specific tags, adding fake comments to make videos seem legitimate, and simply swarming the platform with multiple videos to compensate for any removed and banned videos. CloudSEK found that 5-10 of these malicious videos are uploaded every hour. 

In order to optimize for SEO, many hidden links are also used, as well as making use of random keywords in various languages so that the YouTube algorithm ends up recommending them.

Also, in order to cover up the malicious nature of the links, link shortening services such as bit.ly are used, as well as links to file hosting services such as MediaFire.

“The threat of infostealers is rapidly evolving and becoming more sophisticated," said CloudSEK researcher Pavan Karthick. "In a concerning trend, these threat actors are now utilizing AI-generated videos to amplify their reach, and YouTube has become a convenient platform for their distribution."

Read more

> AI has opened a new front in the war with cybercrime

> Microsoft chief warns more deepfake threats could be coming soon

> Phishing works so well that cybercriminals don't need deepfakes

CloudSEK suggests that "traditional string-based rules will prove ineffective against malware that dynamically generates strings and/or uses encrypted strings."

Instead, it recommends that firms adopt a more manual approach, where the tactics and techniques of threat actors are closely monitored in order to correctly identify threats. 

In addition, CloudSEK suggests that awareness campaigns should be conducted, sharing simple advice such as refraining from clicking on unknown links and using multi-factor authentication to sure up accounts, ideally with an authenticator app

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
Hands typing on a keyboard surrounded by security icons
The psychology of scams: how cybercriminals are exploiting the human brain
Phishing
Corporate executives are being increasingly targeted by AI phishing scams
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
Latest in Security
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
Latest in News
Volvo Gaussian Splatting
Volvo is using AI-generated worlds to make its cars safer and it’s all thanks to something called Gaussian splatting
Image of Asus ROG Ally running Bazzite/SteamOS
This SteamOS update promises a new future for non-Steam Deck handheld PCs – and I can’t wait
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Pedro Pascal in Apple's Someday ad promoting the AirPods 4 with Active Noise Cancellation.
Pedro Pascal cures his heartbreak thanks to AirPods 4 (and the power of dance) in this new ad
Frank Grimes confronts Homer Simpson in The Simpsons' Homer's Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
More about security
A computer file surrounded by red laser beams

Free online file converters could infect your PC with malware, FBI warns
Robotic hand clicking on captcha 'I am not a robot'.

Fake CAPTCHAs are being used to spread malware - and we only have ourselves to blame
Collaboration in an office.

Trends driving IT decision-makers in 2025
See more latest
Most Popular
Image of Asus ROG Ally running Bazzite/SteamOS
This SteamOS update promises a new future for non-Steam Deck handheld PCs – and I can’t wait
Volvo Gaussian Splatting
Volvo is using AI-generated worlds to make its cars safer and it’s all thanks to something called Gaussian splatting
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Nvidia GR00T N1 humanoid robot
Nvidia is dreaming of trillion-dollar datacentres with millions of GPUs and I can't wait to live in the Omniverse
Pedro Pascal in Apple's Someday ad promoting the AirPods 4 with Active Noise Cancellation.
Pedro Pascal cures his heartbreak thanks to AirPods 4 (and the power of dance) in this new ad
Nvidia Earth-2 weather models
Nvidia has updated its virtual recreation of the entire planet - and it could mean better weather forecasts for everyone
Sennheiser HD 550 headphones profile shot
Sennheiser announces new HD 550 headphones with high-quality audio for gamers and audiophiles
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Frank Grimes confronts Homer Simpson in The Simpsons' Homer's Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Foldable iPhone
Apple’s first foldable iPhone could beat the Samsung Galaxy Z Fold 7 in one key way