Beware of the latest malware attack using AI x YouTube! We will explain the tricks and countermeasures!

Thank you for visiting Beyond Blog.
Narita Beyond Technology Sales Department .

Artificial intelligence (AI) is being used in a variety of fields, and we are increasingly seeing its results in the news. Despite these benefits, there have also been reports of cases in which it has been used for fraud and other schemes.

we will explain a malware attack that exploits YouTube , the world's most used online video platform

Please be extremely careful about such attack techniques.

Attack techniques using YouTube

First of all, the full details of the method are as follows.

① Take over YouTube channel

② Post videos generated by AI

③ Direct you to the download site from the link

④ If you open the downloaded file, it will be infected.

Now, I will explain each item individually.

YouTube channel takeover

First, in order to upload videos, the YouTube channel account is hijacked through phishing or stealer logs.

If you search for ``My YouTube channel'' ``hacked'' on search sites or social media, you will receive many testimonials from victims.

 

The hijacked channels range from those with 22 subscribers to those with millions of subscribers.

It seems that it is not necessarily based on the number of subscribers, but the more subscribers the channel has, the more it spreads and the more reliable it is, so there is a risk of creating more victims.

In many cases, accounts are hijacked by using brute force attacks

to deal with this multi-factor authentication to prevent account authentication from being breached.

Also, always maintain a high level of internet literacy and refrain from clicking on suspicious links or sending careless information on SNS, etc., as this can lead to your account being hijacked.

Post videos generated by AI

Recently, AI tools that generate videos from text and images have also appeared, making it even easier to create videos.

We are exploiting this technology to create videos to be uploaded to YouTube.

The content is an explanation video that says, ``You can download pirated versions of famous paid software and apps.'' By choosing a popular service, you will be more likely to be searched for and get more attention.

Video thumbnails also use all kinds of tricks to tempt you, such as people extracted by AI or popular characters.

Direct to download site

Write the URL in the summary or comment section of the uploaded video, and it will direct you to the download site.

In order to increase the credibility of the attached URL, many comments are posted using BOT etc.

 

However, if you look closely at these malicious videos, you can see some suspicious points, such as duplicate comments and text that feels strange in Japanese.

You can prevent attacks by carefully looking at the content and making decisions without being fooled by the number of high ratings or comments.

run file

When you open a downloaded file, you may be infected with information-stealing malware that extracts passwords and financial information, and more recently, information that can identify individuals, such as web browsing history and SNS account information. In some cases, personal information may be collected and transferred.

A momentary letdown on the internet can cause damage in real life, so please be careful of suspicious sites and solicitations.

summary

This time, we introduced a case where AI is misused in a malware attack using YouTube videos.

To avoid such troubles, we strongly recommend that you download from the official website instead of using illegal means when using the service.

Thank you for watching until the end.

* References *

“Cyber ​​attacks that infect YouTube videos with AI generated by malware are increasing” https://news.mynavi.jp/techplus/article/20230314-2624772

"Kaspersky Lab confirms attack campaign infecting YouTube channels with over 180,000 subscribers with malware" https://internet.watch.impress.co.jp/docs/news/1448315.html