YouTube, the popular video streaming and sharing website, has now become a target for threat actors spreading malware. A few months ago, a cryptocurrency virus was reported to proliferate via YouTube ads, and now hackers are using the YouTube comment section to spread a password-stealing Trojan called Trojan.PWS.Stealer.23012. The sole intention of this malware is to steal confidential data stored in the web browsers installed on the victim’s machine. It mainly targets user information such as email addresses, online banking account details, social media credentials and other crucial data.
In addition, Trojan.PWS.Stealer.23012, which is propagated through the YouTube comment section, can capture screenshots from the affected computer while the owner is using the device. Another malicious property of this malware is that it can copy files, mainly those saved on the desktop of the victim’s machine, and it targets specific file types, such as .doc, .db, .xml, .txt, .png, .sqlite3, .sql, .jpg, .bak, .pdf, .docx, .xls and .sqlite. The threat then stores the gathered data and stolen files in an archive file named ‘Spam.zip’, which it saves in a newly created directory, ‘C:/PG148892HQ8’.
Once Trojan.PWS.Stealer.23012 has completed the above-mentioned tasks, it sends the data to a Command and Control (C&C) server operated remotely by criminal hackers. There is no doubt that collecting a user’s sensitive and confidential information from the affected system in this way can lead to identity theft. Malware researchers at RMG therefore strongly advise web surfers to avoid clicking on links in the comment section of a YouTube video that look suspicious or out of place. Once the Trojan.PWS.Stealer.23012 virus is executed on the user’s computer, it steals vital data from popular Internet browsers such as Chrome, Vivaldi, Opera and others and delivers that information to a remotely controlled C&C server.
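The staging artifacts described above (the ‘C:/PG148892HQ8’ directory and the ‘Spam.zip’ archive inside it) can be checked for on a host. The following is an added example, not code from the researchers or the original article; the function name `check_staging` and the result fields are hypothetical, and only the directory name, archive name and extension list come from the text.

```python
import zipfile
from pathlib import Path

# Indicators taken from the article text.
STAGING_DIR = "PG148892HQ8"
ARCHIVE_NAME = "Spam.zip"
TARGETED_EXTS = {".doc", ".db", ".xml", ".txt", ".png", ".sqlite3", ".sql",
                 ".jpg", ".bak", ".pdf", ".docx", ".xls", ".sqlite"}


def check_staging(drive_root="C:/"):
    """Look for the stealer's staging directory under drive_root.

    Returns a dict describing what was found. Nothing is modified or
    deleted, so the evidence stays intact for incident response.
    """
    finding = {"dir_present": False, "archive_present": False,
               "archive_readable": False, "targeted_members": [],
               "other_members": []}
    staging = Path(drive_root) / STAGING_DIR
    if not staging.is_dir():
        return finding
    finding["dir_present"] = True

    # Windows file names are case-insensitive, so compare in lower case.
    archive = next((p for p in staging.iterdir()
                    if p.is_file() and p.name.lower() == ARCHIVE_NAME.lower()),
                   None)
    if archive is None:
        return finding
    finding["archive_present"] = True

    try:
        # Only member names are listed; nothing is extracted.
        with zipfile.ZipFile(archive) as zf:
            names = [n for n in zf.namelist() if not n.endswith("/")]
    except (zipfile.BadZipFile, OSError):
        return finding  # partially written or locked archive is still a finding
    finding["archive_readable"] = True
    for name in names:
        ext = Path(name).suffix.lower()
        key = "targeted_members" if ext in TARGETED_EXTS else "other_members"
        finding[key].append(name)
    return finding


if __name__ == "__main__":
    print(check_staging())
```

A hit on the directory alone is worth escalating, since the archive may already have been sent to the C&C server; the member list shows which of the targeted file types were staged.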