Self-spreading malware is reported to be targeting gamers through YouTube videos. According to a report by Kaspersky, it is delivered as an unusual malicious bundle: malicious programs distributed as a single installer file, a self-extracting archive, or another file with installer-like functionality. Its main payload is the well-known RedLine stealer, one of the most common Trojans used to steal passwords and credentials from browsers. The report also notes that the bundle is sold on underground hacker forums for a low price.
According to the Kaspersky report, the bundle costs just a few hundred dollars, a small price for malware. RedLine can steal usernames, passwords, cookies, bank card details, and autofill data from Chromium- and Gecko-based browsers, as well as data from cryptocurrency wallets, instant messengers, and FTP/SSH/VPN clients. In addition, RedLine can download and run third-party programs, execute commands, and open links in the default browser.
Alongside the stealer, the bundle contains other files that enable the malware to propagate itself. In the process, YouTube channels are hijacked and videos carrying the malware are posted. “These videos advertise cheats and cracks and provide instructions on hacking popular games and software,” the report said.
The games for which cheats and cracks are advertised in the videos include APB Reloaded, CrossFire, DayZ, Dying Light 2, F1 22, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Osu!, Point Blank, Project Zomboid, Rust, Sniper Elite, Spider-Man, Stray, Thymesia, VRChat, and Walken. The report cited Google as saying that the hijacked channels were quickly terminated for violating the company’s Community Guidelines.
Once opened, the bundle unpacks and runs three executable files. The first is the RedLine stealer and the second is a miner. The report says the main target audience is gamers, who are likely to have video cards installed in their systems; these cards can be used for mining. The third executable ensures automatic startup and runs the first of the batch files. These batch files launch three other malicious files, which are responsible for the bundle's self-distribution.