
A newly discovered malicious campaign spreading the RedLine Stealer infostealer uses a very interesting self-propagation mechanism, researchers have found.
Kaspersky's cybersecurity experts discovered the new malware, which logs into the infected user's YouTube account and uploads a video to their channel that in turn distributes the RedLine infostealer.
Victims (typically PC gamers) find a hack or cheat video on YouTube for one of their favorite games: FIFA, Final Fantasy, Forza Horizon, LEGO Star Wars or Spider-Man. The video description contains links that claim to lead to these cracks and cheats; in fact, the downloads carry multiple pieces of malware bundled together.
Cryptojackers, Information Stealers
The bundle includes RedLine Stealer, one of the most popular information stealers today, capable of stealing passwords, cookies, credit card details, instant messaging conversations and cryptocurrency wallets stored in people's browsers.
The bundle also contains a cryptojacker, essentially a cryptocurrency miner that uses the computing power of the compromised endpoint to mine certain cryptocurrencies for the attackers. Cryptocurrency mining generally requires powerful GPUs, which most gamers typically have.
But perhaps most interestingly, the bundle contains three malicious executables for self-propagation. These are called “MakiseKurisu.exe”, “download.exe” and “upload.exe”. MakiseKurisu is an information stealer that grabs browser cookies and stores them locally.
download.exe then fetches the fake crack video from a GitHub repository and hands it to upload.exe, which logs into the victim's YouTube account with the stolen cookie and uploads it.
If the victim isn’t an avid YouTuber, or if the notifications are turned off, there’s a good chance the malicious video will stay on their YouTube channel for a long time before being removed.
“After a video is successfully uploaded to YouTube, upload.exe sends a message to Discord with a link to the uploaded video,” Kaspersky explained.
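As an added example (not from the article or from Kaspersky's research), here is a small Python correlation check a defender could run over endpoint telemetry to flag a host whose event trail matches the chain described above: a non-browser process reading a browser cookie store, followed by connections to GitHub, YouTube and Discord in that order. The event schema and the sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events: (host, process, action, target). Hypothetical schema,
# not real telemetry. Process names follow the ones named in the article.
SAMPLE_EVENTS = [
    ("GAMER-PC", "MakiseKurisu.exe", "file_read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    ("GAMER-PC", "download.exe", "net_connect", "raw.githubusercontent.com"),
    ("GAMER-PC", "upload.exe", "net_connect", "www.youtube.com"),
    ("GAMER-PC", "upload.exe", "net_connect", "discord.com"),
    # Benign host: the browser itself reads its cookies, and a developer uses git.
    ("OFFICE-PC", "chrome.exe", "file_read", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    ("OFFICE-PC", "git.exe", "net_connect", "github.com"),
]

# Processes that legitimately read their own cookie stores (constructed allowlist).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
# Binary names the article reports for the self-propagation bundle.
KNOWN_NAMES = {"makisekurisu.exe", "download.exe", "upload.exe"}

# Ordered stages of the propagation chain: (action, target pattern, allow_browser).
CHAIN = [
    ("file_read", re.compile(r"\\Cookies$", re.I), False),  # cookie theft by a non-browser
    ("net_connect", re.compile(r"github", re.I), True),     # fetch the bait video
    ("net_connect", re.compile(r"youtube", re.I), True),    # upload using the stolen session
    ("net_connect", re.compile(r"discord", re.I), True),    # report the video link
]

def chain_progress(events):
    """Return {host: (stages_completed, sorted known binary names seen)}."""
    progress = defaultdict(int)
    seen = defaultdict(set)
    for host, proc, action, target in events:
        if proc.lower() in KNOWN_NAMES:
            seen[host].add(proc)
        stage = progress[host]
        if stage < len(CHAIN):
            want_action, pattern, allow_browser = CHAIN[stage]
            if action == want_action and pattern.search(target) and (allow_browser or proc.lower() not in BROWSERS):
                progress[host] = stage + 1
    return {h: (s, sorted(seen[h])) for h, s in progress.items()}

def flagged_hosts(events):
    """Hosts whose events complete every stage of the chain, in order."""
    return {h: names for h, (s, names) in chain_progress(events).items() if s == len(CHAIN)}
```

In production this would also bound the stages to a short time window and key on the process lineage rather than on names, which an attacker can trivially change.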