Racketeers Using YouTube Comment Section For Distributing Malware


YouTube, the popular video streaming and sharing website, has now become a target for threat actors spreading malware. A few months ago, a cryptocurrency-mining Trojan was reported to proliferate via YouTube ads, and now hackers are using the YouTube comment section to spread a password-stealing Trojan called Trojan.PWS.Stealer.23012. The sole intention of this malware is to steal confidential data stored in the web browsers installed on the victim’s machine. It mainly targets information such as email addresses, online banking account details, social media credentials and other crucial data.

In addition, Trojan.PWS.Stealer.23012, as propagated through the YouTube comment section, can capture screenshots from the affected computer while the owner is using the device. Another malicious property of this malware is that it copies files saved on the desktop of the victim’s machine, targeting specific file types such as .doc, .db, .xml, .txt, .png, .sqlite3, .sql, .jpg, .bak, .pdf, .docx, .xls and .sqlite. The threat then stores the gathered data and stolen files in an archive named ‘Spam.zip’, which it saves in a newly created directory, ‘C:/PG148892HQ8’.
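As an added example that is not part of the original article, the following Python sketch shows how a defender could flag the staging behaviour described above in file-system telemetry: one process reading several of the targeted file types from the Desktop and then creating Spam.zip inside C:/PG148892HQ8. The event layout, process IDs and the read threshold are assumptions; the sample events are constructed.

```python
# Added example, not code from the original article or from the malware's authors.
# Flags stealer-like staging in constructed file-system telemetry: a process reading
# many targeted file types from the Desktop, then creating Spam.zip in C:/PG148892HQ8.
from collections import defaultdict

TARGET_EXTS = {".doc", ".db", ".xml", ".txt", ".png", ".sqlite3", ".sql", ".jpg",
               ".bak", ".pdf", ".docx", ".xls", ".sqlite"}
STAGING_DIR = "c:/pg148892hq8"   # directory named in the report (compared case-insensitively)
ARCHIVE_NAME = "spam.zip"        # archive named in the report
READ_THRESHOLD = 5               # assumed: this many distinct targeted files counts as a sweep


def analyse(events):
    """events: iterable of dicts {pid, op ('read'|'create'), path}.
    Returns {pid: [reasons]} for processes showing stealer-like behaviour."""
    reads = defaultdict(set)
    flags = defaultdict(list)
    for ev in events:
        # normalise separators and case so 'C:\X' and 'c:/x' compare equal
        path = ev["path"].replace("\\", "/").lower()
        name = path.rsplit("/", 1)[-1]
        ext = name[name.rfind("."):] if "." in name else ""
        if ev["op"] == "read" and "/desktop/" in path and ext in TARGET_EXTS:
            reads[ev["pid"]].add(path)
        elif ev["op"] == "create":
            if path == STAGING_DIR:
                flags[ev["pid"]].append("created staging directory")
            elif path == f"{STAGING_DIR}/{ARCHIVE_NAME}":
                flags[ev["pid"]].append("created Spam.zip in staging directory")
    for pid, paths in reads.items():
        if len(paths) >= READ_THRESHOLD:
            flags[pid].append(f"read {len(paths)} targeted files from Desktop")
    return dict(flags)


SAMPLE_EVENTS = [  # constructed telemetry; pid 4120 mimics the stealer, pid 880 is benign
    {"pid": 4120, "op": "create", "path": r"C:\PG148892HQ8"},
    {"pid": 4120, "op": "read", "path": r"C:\Users\alice\Desktop\notes.txt"},
    {"pid": 4120, "op": "read", "path": r"C:\Users\alice\Desktop\report.docx"},
    {"pid": 4120, "op": "read", "path": r"C:\Users\alice\Desktop\budget.xls"},
    {"pid": 4120, "op": "read", "path": r"C:\Users\alice\Desktop\photo.jpg"},
    {"pid": 4120, "op": "read", "path": r"C:\Users\alice\Desktop\sites.sqlite"},
    {"pid": 4120, "op": "create", "path": r"C:\PG148892HQ8\Spam.zip"},
    {"pid": 880, "op": "read", "path": r"C:\Users\alice\Desktop\notes.txt"},
    {"pid": 880, "op": "create", "path": r"C:\Users\alice\Documents\holiday.zip"},
]

if __name__ == "__main__":
    for pid, reasons in analyse(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```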


Once Trojan.PWS.Stealer.23012 has completed the above tasks, it sends the data to a Command and Control server operated remotely by the criminals. Collecting a user’s sensitive and confidential information from the affected system in this way can lead to identity theft. Malware researchers at RMG therefore strongly advise web surfers to avoid clicking on links placed in the comment section of a YouTube video that look suspicious or out of place. Once executed on the user’s computer, Trojan.PWS.Stealer.23012 steals vital data from popular Internet browsers such as Chrome, Vivaldi and Opera, among others, and delivers it to the remotely controlled C&C server.

This is not the first time hackers have targeted YouTube, the world’s most used and largest video streaming website. Earlier this year, threat actors abused the platform to distribute a cryptocurrency-mining Trojan: researchers found malicious CoinHive JavaScript code that the con artists used as a Monero miner. Those malicious ads, which promoted the cryptocurrency-mining Trojan and targeted computer users in specific countries including Italy, Japan, Spain, Taiwan and France, took Google more than a week to remove. According to the recent research report, Google has already cleaned up the malicious comments spreading Trojan.PWS.Stealer.23012, and any related content, from the YouTube comment section to protect users from harm.