YouTube Videos Promising Video Game Hacks Secretly Lead to Spyware
YouTube is one of the world’s most frequently visited websites, which makes it a hacker’s ideal staging ground. Recently, a GBHackers article reported on YouTube channels with a decent following that have suddenly replaced their original content with new content that promises “free software or game upgrades.” Instead, when users download the supposed free software, they are infected with “information-stealing malware like Vidar, StealC, and Lumma Stealer” (Balaji). Vidar, StealC, and Lumma Stealer are relatively new and advanced spyware that can be purchased on the Dark Web.
One channel found to be uploading such videos has over 100,000 subscribers and is verified. These channels are likely not run by their original owners anymore. Individuals can buy these YouTube channels or steal the owner’s account information to log into the account. It is not uncommon for individuals to do so to acquire a starting platform for their channel or, in the case of scammers, to make a quick buck. These videos are likely botted to improve their view count and include positive comments about the video, which is key for social engineering. People are more likely to trust a video when there are positive comments and likes associated with it, so it is a smart social engineering tactic. Historically, YouTube has had a subpar track record when it comes to moderation due to the large scope of the website. Every day, videos, comments, channels, and advertisements slip past YouTube’s content moderation despite obviously fraudulent content.
GBHackers found that the malicious download link leads to a MediaFire page where users can download the supposed game hack or free content. The files have “padding to bypass antivirus scanners” (Balaji). Once the files are executed, they receive instructions from social media accounts on “Telegram, Steam Community, and Tumblr” (Balaji). The malware camouflages its messages within network traffic to help itself stay undetected. Once a user downloads and runs the spyware, it will send information to and communicate with social media accounts that are set up solely for this purpose.
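For defenders triaging downloads like these, the padding itself is a usable signal. The sketch below is an added example, not code from the GBHackers report or from any of the malware families named; it assumes the padding is a long trailing run of a single repeated byte (the article does not say what form the padding takes), and the thresholds and sample bytes are constructed for illustration.

```python
import hashlib
import os

CHUNK = 1 << 20  # read 1 MiB at a time so very large padded files are not loaded whole

def trailing_run(fh):
    """Return (file_size, length of the trailing run of one repeated byte value)."""
    size = fh.seek(0, os.SEEK_END)
    if size == 0:
        return 0, 0
    fh.seek(size - 1)
    pad = fh.read(1)              # candidate padding byte = last byte of the file
    run, pos = 0, size
    while pos > 0:                # walk backwards chunk by chunk
        start = max(0, pos - CHUNK)
        fh.seek(start)
        chunk = fh.read(pos - start)
        kept = len(chunk.rstrip(pad))
        run += len(chunk) - kept
        if kept:                  # reached a byte that is not padding
            break
        pos = start
    return size, run

def core_sha256(fh, run):
    """SHA-256 of the file with the trailing run removed, so samples that differ
    only in how much padding was appended hash to the same value."""
    remaining = fh.seek(0, os.SEEK_END) - run
    fh.seek(0)
    digest = hashlib.sha256()
    while remaining > 0:
        chunk = fh.read(min(CHUNK, remaining))
        if not chunk:
            break
        digest.update(chunk)
        remaining -= len(chunk)
    return digest.hexdigest()

def padding_report(fh, min_run=1 << 20, min_ratio=0.5):
    """Flag files whose tail is mostly one repeated byte (thresholds are assumptions)."""
    size, run = trailing_run(fh)
    ratio = run / size if size else 0.0
    return {
        "size": size,
        "trailing_run": run,
        "padding_ratio": round(ratio, 4),
        "core_sha256": core_sha256(fh, run),
        "suspicious": run >= min_run and ratio >= min_ratio,
    }
```

Pass any seekable binary file object, for example `padding_report(open(path, "rb"))`. A flagged file is only a lead for further analysis, since installers and disk images can legitimately contain long runs of one byte.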
According to GBHackers, these channels have been running since earlier this year and are still up. These channels have been reported to YouTube, but there is no telling how long it will take for YouTube to act. While the malware might not damage the user’s computer, it will spy on the user’s actions and steal potentially sensitive information. Passwords, bank details, logins, messages, and more are all at risk when a user is infected with spyware. The only way to truly remove spyware once your computer is infected is a fresh installation of Windows. It is best to keep your eyes open and never download from a suspicious link. Plus, no one likes a video game hacker.
Balaji. “Threat Actors Deliver Malware via YouTube Video Game Cracks.” GBHackers on Security | #1 Globally Trusted Cyber Security News Platform, 8 Apr. 2024, gbhackers.com/hackers-deliver-malware-via-youtube-video-game-cracks/.