A new day announces a new alert from security experts regarding YouTube and how the platform is being used by cybercriminals to achieve their goals.
The particular threat involves hackers promoting bogus bitcoin mining software through YouTube videos. So far, it has worked wonders for them, as more and more users have been tricked into installing the supposed mining program, knowing little about the alarming threat waiting on the other end.
The news comes to us from researchers at Cyble's laboratories, who discovered up to 80 such videos on the popular platform. Most of the videos only had a few viewers, but notably they all came from the same owner.
In these videos, the content appears to be a basic guide to operating the mining software, urging users to download it. In reality, the download is just malware.
The installation link sits in the description box of the video. The download is also password protected, which is presented as reassurance to users that there is nothing fake about it and that it is 100% legitimate. The tips don't stop there: there is even a link to a scan showing how clean and virus-free the file is, alongside a warning that some antivirus programs might consider it dangerous, which it in fact is.
But what about the malware itself? It has been dubbed Pennywise and can steal all kinds of data from a system, including sensitive details and other information that hackers can use to access users' data and financial accounts.
At the same time, the malware gains access to cookies and some encryption codes, and Telegram sessions have also reportedly been stolen. Interestingly, it also captures screenshots along the way.
The malware then goes after crypto wallets, crypto-themed browsers, and other locations related to currency exchange. As you can see, it is very thorough and smooth in its operation.
After stealing all the data it needs, the malware compresses that information into a single file. The file is then transmitted to the hacker's server, which extracts the data, after which the malware self-destructs.
Finally, the malware analyzes its environment to assess whether it is running under analysis or protection. If it detects such a threat, it aborts all actions at a rapid pace.
There have been reports that its operators are based in Russia, Kazakhstan and Belarus, but nothing has been confirmed as of yet.