Judging by the observations, the malware, which is also capable of spreading by itself, circulates through channels that deal with today’s most popular video games, such as FIFA, Final Fantasy, Forza Horizon, Lego Star Wars or Marvel’s Spider-Man.
The descriptions of the uploaded videos refer to sites that promise free access to the above-mentioned games.
However, when you click download, it is, unsurprisingly, not the game that ends up on the computer but the virus.
You don’t even notice what’s going on
Kaspersky Lab, a company that provides computer security solutions, has also commented on the virus, reporting that its researchers found a RAR archive containing a group of malicious programs, mostly RedLine, which is currently one of the most widespread phishing programs. RedLine can steal information stored in the victim’s web browser, such as cookies, account passwords, credit card information and access to messaging apps, and it can compromise cryptocurrency wallets.
The archive also contains an encoder, which makes it possible to mine cryptocurrencies remotely using the graphics card of the user’s computer. And if all this were not enough, the Nirsoft NirCmd utility included in the package, called “nir.exe”, ensures that all virus-related programs are hidden at startup, so that in the absence of an extensive scan, they can run completely unnoticed.
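As an added illustration (not from Kaspersky's report or the original article), a defender can triage process-creation logs for NirCmd being used to hide windows, as described above. The field names follow Sysmon's process-creation event; the sample events, their paths and the `NirCmd.exe` original-filename value are constructed assumptions.

```python
import ntpath
import re

# NirCmd verbs that start a program or switch a window to hidden.
HIDE_VERB = re.compile(r"\b(?:exec2?|win)\s+hide\b", re.IGNORECASE)
NIRCMD_NAMES = {"nir.exe", "nircmd.exe", "nircmdc.exe"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\")

def is_nircmd(event):
    """Match on file name, or on the PE original name so a renamed copy still matches."""
    name = ntpath.basename(event.get("Image", "")).lower()
    # Assumption: the log source records OriginalFileName and NirCmd reports "NirCmd.exe".
    original = event.get("OriginalFileName", "").lower()
    return name in NIRCMD_NAMES or original == "nircmd.exe"

def triage(event):
    """Return the reasons an event looks suspicious; an empty list means no finding."""
    if not is_nircmd(event):
        return []
    reasons = []
    if HIDE_VERB.search(event.get("CommandLine", "")):
        reasons.append("hidden-launch")
    if any(part in event.get("Image", "").lower() for part in USER_WRITABLE):
        reasons.append("user-writable-path")
    return reasons

def flagged(events):
    """Keep only NirCmd executions that hide something; the path reason adds context."""
    results = [(e["Image"], triage(e)) for e in events]
    return [(image, why) for image, why in results if "hidden-launch" in why]

# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\bob\AppData\Local\Temp\pack\nir.exe",
     "OriginalFileName": "NirCmd.exe",
     "CommandLine": "nir.exe exec hide run.bat"},
    {"Image": r"C:\Tools\nircmd.exe", "OriginalFileName": "NirCmd.exe",
     "CommandLine": "nircmd.exe setsysvolume 30000"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe readme.txt"},
    {"Image": r"C:\ProgramData\svc.exe", "OriginalFileName": "NirCmd.exe",
     "CommandLine": 'svc.exe win hide ititle "console"'},
]

if __name__ == "__main__":
    for image, why in flagged(SAMPLE_EVENTS):
        print(image, why)
```

Benign administrative use of NirCmd, such as the volume change in the second sample, is deliberately not flagged.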
The virus uses browser cookies
The aforementioned RAR archive also contains three malicious programs that are responsible for stealing passwords and for uploading and downloading YouTube videos. When the virus somehow reaches the victim’s computer, it can use browser cookies to access the specified YouTube channel, upload a video promoting the virus, and then notify subscribers of it (for example, on a connected Discord channel) – thus almost guaranteeing further spread.
The channel owner can, of course, delete the videos uploaded by the virus at any time, and YouTube’s algorithms also investigate such cases; the only question is when they notice the harmful content.
(Cover photo: Sophia Kembowski / picture alliance / Getty Images Hungary)