If you’re on YouTube, be aware of the ongoing Lumma Stealer campaign. In this campaign, a threat actor hacks a YouTuber’s account and uploads a video that looks like a legitimate cracked software share.
Cybersecurity researchers at Fortinet’s FortiGuard Labs have discovered a new wave of cyber threats in which malicious actors leverage YouTube channels to spread the notorious Lumma Stealer malware via cracked software.
The malware campaigns studied by the researchers used YouTube videos posing as cracked-application content to direct users to installation guides containing hidden malicious URLs.
The campaign is characterised by evasion techniques that rely on open platforms such as GitHub and MediaFire (a file-sharing and cloud-storage service) to bypass traditional web-filter blacklists.
A specially crafted installation ZIP file acts as an effective decoy: because the user already intends to install the application, they click the malicious file without question. The attacker uses a private .NET loader with environment checks and anti-virtual-machine and anti-debugging capabilities.
Lumma Stealer is a well-known threat that targets sensitive information such as user credentials, system details, browser data, and extensions, and has been actively promoted on the dark web and Telegram channels since 2022. The malware’s global presence is clear, with activity peaking in December.
In a blog post shared with Hackread.com ahead of Tuesday’s publication, FortiGuard Labs details the stages of the attack and delves deeper into the tactics employed by the threat group.
The malware campaign’s modus operandi involves attackers compromising a YouTuber’s account and uploading a video that looks like a legitimate cracked software share.
In the next step, an unsuspecting user is directed to download a ZIP file from a file sharing site. This ZIP file contains malicious content that is used in the next stage of the attack. Regular updates to these files suggest that attackers are continually refining their methods to effectively spread malware.
It is worth noting that this campaign uses a private .NET loader, a covert tool that builds a special set of instructions allowing code to run undetected. The loader then connects to a GitHub repository and downloads encrypted binary data, with the download server chosen according to the system’s date.
Additionally, the DLL file responsible for decoding the Lumma Stealer payload performs extensive environmental checks to evade analysis. These include checks for virtualization platforms and sandbox environments as well as anti-VM and anti-debugging measures; simply put, Lumma Stealer is built to evade detection by anti-malware solutions.
In the new campaign, once Lumma Stealer infects a device, it begins looking for the victim’s browser data. It gains access to cryptocurrency wallets and steals various types of information such as login credentials, personal information, financial information, and cryptocurrency funds. It also collects other data, including from browser extensions.
YouTube, known as a great entertainment platform, has unfortunately also become a profit haven for cybercriminals. Over the years, the Google-owned site has seen a spike in serious malware infections and cryptocurrency-related scams.
In October 2023, researchers reported a new threat known as streamjacking, a tactic that spreads Redline malware during live streams to steal cryptocurrency funds. The seriousness of the situation is clear: in 2020, Google removed 2 million channels and 51 million videos due to the prevalence of malware and cryptocurrency scams.
Nevertheless, as threat actors continue to equip Lumma Stealer with new malicious features, users should exercise caution when dealing with applications, especially from obscure sources, and ensure that they are sourced from trusted and secure publishers. You are required to ensure that you use genuine applications and software from