Links to harmful password-protected archive files intended to install the RedLine Stealer malware and crypto miners on infected devices are being sent to gamers searching for cheats on YouTube.
In a new report released today, Kaspersky security researcher Oleg Kupreev stated that “the videos sell cheats and crackers and provide advice on hacking popular games and applications.”
APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man are just a few of the games mentioned in the videos.
Redline Stealer, a currency miner, and several additional binaries that enable the bundle’s self-propagation are executed after downloading the self-extracting RAR package.
An open-source C# password stealer that can harvest cookies from browsers is specifically employed for this, and the operators use it to obtain access to the victim’s YouTube account and upload a video that contains a link to the infected files.
One of the executables in the archive sends a message to Discord with a link to the uploaded video after a video is successfully published to YouTube.
The findings come as over 91,000 files disseminated under the pretext of games like Minecraft, Roblox, Need for Speed, Grand Theft Auto, and Call of Duty have reached roughly 385,000 individuals who faced gaming-related malware and unwanted software between July 1, 2021, and June 30, 2022.
According to Kupreev, “cybercriminals actively look for gaming accounts and gaming computer resources.” “Stealer-style malware is frequently disseminated as game hacks, cheats, and cracks. All of this serves as additional evidence, if any were required, that illicit software should be handled carefully.”