[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[YouTube] Beyond official channel “Biyomaru Channel”

Beware of the latest malware attack using AI x YouTube! We will explain the tricks and countermeasures!

Explaining the latest malware attacks that exploit AI and YouTube

Thank you for visiting Beyond Blog.
Narita Beyond Technology Sales Department .

Artificial intelligence (AI) is being used in a variety of fields, and we are increasingly seeing its results in the news. Despite these benefits, there have also been reports of cases in which it has been used for fraud and other schemes.

we will explain a malware attack that exploits YouTube , the world's most used online video platform

Please be extremely careful about such attack techniques.

Attack techniques using YouTube

First of all, the full details of the method are as follows.

① Take over YouTube channel

② Post videos generated by AI

③ Direct you to the download site from the link

④ If you open the downloaded file, it will be infected.

Now, I will explain each item individually.

YouTube channel takeover

First, in order to upload videos, the YouTube channel account is hijacked through phishing or stealer logs.

If you search for ``My YouTube channel'' ``hacked'' on search sites or social media, you will receive many testimonials from victims.

Damage report on X

 

The hijacked channels range from those with 22 subscribers to those with millions of subscribers.

It seems that it is not necessarily based on the number of subscribers, but the more subscribers the channel has, the more it spreads and the more reliable it is, so there is a risk of creating more victims.

In many cases, accounts are hijacked by using brute force attacks

to deal with this multi-factor authentication to prevent account authentication from being breached.

Also, always maintain a high level of internet literacy and refrain from clicking on suspicious links or sending careless information on SNS, etc., as this can lead to your account being hijacked.

Post videos generated by AI

Recently, AI tools that generate videos from text and images have also appeared, making it even easier to create videos.

We are exploiting this technology to create videos to be uploaded to YouTube.

The content is an explanation video that says, ``You can download pirated versions of famous paid software and apps.'' By choosing a popular service, you will be more likely to be searched for and get more attention.

Video thumbnails also use all kinds of tricks to tempt you, such as people extracted by AI or popular characters.

Direct to download site

Write the URL in the summary or comment section of the uploaded video, and it will direct you to the download site.

In order to increase the credibility of the attached URL, many comments are posted using BOT etc.

YouTube comment section

 

However, if you look closely at these malicious videos, you can see some suspicious points, such as duplicate comments and text that feels strange in Japanese.

You can prevent attacks by carefully looking at the content and making decisions without being fooled by the number of high ratings or comments.

run file

When you open a downloaded file, you may be infected with information-stealing malware that extracts passwords and financial information, and more recently, information that can identify individuals, such as web browsing history and SNS account information. In some cases, personal information may be collected and transferred.

A momentary letdown on the internet can cause damage in real life, so please be careful of suspicious sites and solicitations.

summary

This time, we introduced a case where AI is misused in a malware attack using YouTube videos.

To avoid such troubles, we strongly recommend that you download from the official website instead of using illegal means when using the service.

Thank you for watching until the end.

* References *

“Cyber ​​attacks that infect YouTube videos with AI generated by malware are increasing” https://news.mynavi.jp/techplus/article/20230314-2624772

"Kaspersky Lab confirms attack campaign infecting YouTube channels with over 180,000 subscribers with malware" https://internet.watch.impress.co.jp/docs/news/1448315.html

If you found this article helpful , please give it a like!
3
Loading...
3 votes, average: 1.00 / 13
752
X facebook Hatena Bookmark pocket
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

The person who wrote this article

About the author

Narita [Web marketer x YouTuber]

Responsible for [BtoB marketing, SNS operation, YouTube planning and operation] at an IT engineering company. When I was posting videos on YouTube, I moved around and became a marketer.