
Don't Open This YouTube Video or Risk Spreading Malware to Your Gaming PC

This YouTube video tries to trick PC gamers, and it works through impressive mechanics.

Malware (Photo source: Shutterstock)

Researchers have discovered a new malicious campaign that distributes infostealer-type spyware called RedLine Stealer, using a very impressive self-reproduction mechanism.

Kaspersky cybersecurity experts have discovered new malware that connects to compromised users' YouTube accounts and uploads videos to their channels, which in turn distribute the notorious RedLine Stealer.

The victim, who is usually a PC gamer, searches YouTube for videos offering a crack or a list of cheat codes for one of their favorite titles. The FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, and Spider-Man franchises are specifically targeted.

The video description contains a link that claims to lead to these cracks and cheats but actually hosts a malware bundle.

Chain reaction due to malware on YouTube

The package contains RedLine Stealer, one of the most popular information stealers today. It is capable of stealing passwords stored in browsers, cookies, banking information, instant message conversations, and cryptocurrency wallets.

The victim also downloads a cryptojacker, essentially a cryptocurrency miner that uses the computing power of the compromised endpoint to mine certain cryptocurrencies.

Cryptocurrency mining usually requires significant GPU power, which most gamers have.

But what is arguably most interesting is that the bundle contains three malicious executables that are used for self-propagation. They are called "MakiseKurisu.exe", "download.exe" and "upload.exe". MakiseKurisu is an information stealer that takes browser cookies and stores them locally.

Then, download.exe fetches the fake crack video from a GitHub repository and passes it to upload.exe, which uploads it to the victim's YouTube account after using the stolen cookies to log in.


If the victim is not a frequent YouTube user or if notifications are turned off, it is likely that the malicious video will remain on their YouTube channel for a long time before being removed.

“When a video is successfully uploaded to YouTube, upload.exe sends a message to Discord with a link to the uploaded video,” explains Kaspersky.
