A self-replicating spyware bundle is reported to be targeting gamers through YouTube videos. According to a Kaspersky study, the infections are delivered by an unusual malicious bundle: a set of malicious programs packaged as a single installation file, self-extracting archive, or other file with installer-like functionality. Its primary payload is the well-known RedLine stealer, one of the most common Trojans used to steal passwords and credentials from browsers. According to the article, the package is also available for a modest fee on underground hacker forums.
According to the Kaspersky research, the malicious package costs only a few hundred dollars, a low price for malware. RedLine can steal usernames, passwords, cookies, bank card details, and autofill data from Chromium- and Gecko-based browsers, as well as data from cryptocurrency wallets, instant messengers, and FTP/SSH/VPN clients. RedLine can also download and run third-party software, execute commands, and open URLs in the default browser.
In addition to the stealer, the other files in the bundle handle the malware's self-propagation. As part of this process, YouTube channels are hijacked and videos carrying the malware are posted. According to the research, "these videos offer hacks and crackers and provide advice on hacking popular games and applications."
The games for which the videos advertise cheats and cracks include APB Reloaded, CrossFire, DayZ, Dying Light 2, F1 22, Farming Simulator, Farthest Frontier, FIFA 22, Forza, Lego Star Wars, Osu!, Point Blank, Project Zomboid, Rust, Sniper Elite, Spider-Man, Stray, Thymesia, VRChat, and Walken. According to the report, Google promptly shut down the hijacked channels for violating the company's Community Guidelines.
When the malicious package is opened, it unpacks and launches three executable files. The first is a cryptocurrency miner and the second is the RedLine stealer. According to the research, the primary target audience is gamers, who are likely to have graphics cards installed in their PCs, and such cards are well suited to mining. The third executable ensures that the program starts automatically and runs the first batch file. These batch files in turn execute three further malicious files that are responsible for the bundle's self-distribution.