Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube

  • Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines.

    “The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published today.

    Games mentioned in the videos are APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man, among others.

    Downloading the self-extracting RAR archive leads to the execution of Redline Stealer, a coin miner, as well as a number of other binaries that enable the bundle’s self-propagation.

    Specifically, this is achieved by means of an open-source C#-based password stealer that’s capable of extracting cookies from browsers, which is then used by the operators to gain unauthorized access to the victim’s YouTube account and upload a video with a link to the malicious archive.

    Once a video is successfully uploaded to YouTube, one of the executables in the archive transmits a message to Discord with a link to the uploaded video.

    The findings come as the total number of users who encountered gaming-related malware and unwanted software from July 1, 2021, through June 30, 2022 touched nearly 385,000, with over 91,000 files distributed under the guise of games such as Minecraft, Roblox, Need for Speed, Grand Theft Auto, and Call of Duty.

    “Cybercriminals actively hunt for gaming accounts and gaming computer resources,” Kupreev said. “Stealer-type malware is often distributed under the guise of game hacks, cheats and cracks. All this is further proof, if any were needed, that illegal software should be treated with extreme caution.”

    Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post.