Many are using AI-generated personas to fool viewers into trusting them.
Cyber intelligence firm CloudSEK reports that, since November 2022, there has been a 200-300% increase in content uploaded to the video hosting website that dupes viewers into installing well-known malware.
The videos pretend to be tutorials showing how to download illegal copies of popular paid-for design software for free, such as Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, and AutoCAD.
It would appear that the malware writers have been getting better and are using AI to create a realistic depiction of a person guiding the viewer through the process, all in an attempt to appear more trustworthy.
Infostealers penetrate a user's system and steal valuable personal information, such as passwords and payment details, and are spread via malicious downloads and links, such as those in the description of videos as in this case. This data is then uploaded to the threat actor's server.
YouTube is a prime target for threat actors who deceive the algorithm by using region-specific tags, adding fake comments to make videos seem legitimate, and simply swarming the platform with multiple videos to compensate for any removed and banned videos.
CloudSEK found that 5-10 of these malicious videos are uploaded every hour.
Many hidden links are used, as well as making use of random keywords in various languages so YouTube recommends them.
Also, in order to cover up the malicious nature of the links, link shortening services such as bit.ly are used, as well as links to file hosting services such as MediaFire.
CloudSEK researcher Pavan Karthick. "In a concerning trend, these threat actors are now using AI-generated videos to amplify their reach, and YouTube has become a convenient platform for their distribution."