YouTube videos made with AI are spreading malware

It goes without saying, but don’t try and download pirated software

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

YouTubehas seen a recent surge in the number of videos containing harmful links to infostealers in their descriptions, with many using AI-generated personas to fool viewers into trusting them.

Cyber intelligence firm CloudSEKreportsthat, since November 2022, there has been a massive 200-300% increase in content uploaded to thevideo hosting websitethat dupes viewers into installing well-knownmalwaresuch as Vidar, RedLine and Raccoon.

The videos pretend to be tutorials showing how to download illegal copies of popular paid-for design software for free, such asAdobePhotoshop, Premiere Pro, Autodesk 3ds Max, and AutoCAD.

Appearing trustworthy

Appearing trustworthy

The tutorial videos have been growing in sophistication, from screen recordings and audio-only walkthroughs, to now using AI to create a realistic depiction of a person guiding the viewer through the process, all in an attempt to appear more trustworthy.

CloudSEK notes that AI-generated videos in general are on the rise, used for legitimate educational, recruitment and promotional purposes, but now for nefarious ends as well.

Infostealers, as the name suggests, penetrate a user’s system and steal valuable personal information, such as passwords and payment details, and are spread via malicious downloads and links, such as those in the description of videos as in this case. This data is then uploaded to the threat actor’s server.

CloudSEK address the fact that,with 2.5 billion users a month, YouTube is a prime target for threat actors who, in order to eschew the platform’s automated content review process, work to deceive the algorithm in various ways.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

These include using region-specific tags, adding fake comments to make videos seem legitimate, and simply swarming the platform with multiple videos to compensate for any removed and banned videos. CloudSEK found that 5-10 of these malicious videos are uploaded every hour.

In order to optimize forSEO, many hidden links are also used, as well as making use of random keywords in various languages so that the YouTube algorithm ends up recommending them.

Also, in order to cover up the malicious nature of the links, link shortening services such as bit.ly are used, as well as links tofile hosting servicessuch asMediaFire.

“The threat of infostealers is rapidly evolving and becoming more sophisticated," said CloudSEK researcher Pavan Karthick. “In a concerning trend, these threat actors are now utilizing AI-generated videos to amplify their reach, and YouTube has become a convenient platform for their distribution.”

AI has opened a new front in the war with cybercrime

Microsoft chief warns more deepfake threats could be coming soon>Phishing works so well that cybercriminals don’t need deepfakes

CloudSEK suggests that “traditional string-based rules will prove ineffective against malware that dynamically generates strings and/or uses encrypted strings.”

Instead, it recommends that firms adopt a more manual approach, where the tactics and techniques of threat actors are closely monitored in order to correctly identify threats.

In addition, CloudSEK suggests that awareness campaigns should be conducted, sharing simple advice such as refraining from clicking on unknown links and using multi-factor authentication to sure up accounts, ideally with anauthenticator app.

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin