The Hidden Danger on YouTube: FortiGuard Labs Discovers Lumma Stealer Threat

A new cyber threat has been identified: malefactors are exploiting YouTube videos related to pirated software to disseminate a data-stealing malware known as Lumma. These videos typically advertise cracked applications and come with near-identical installation instructions in the description, which contain malicious URLs. These URLs are often shortened using services like TinyURL and Cuttly to lower the vigilance of potential victims.

Such methods have long been employed for distributing various types of malware, including info stealers, cryptocurrency-stealing malware, and unauthorized crypto-mining tools.

Remarkably, these blatantly fraudulent videos can remain on the popular video platform for an extended period before they are eventually removed. The issue of their numerous reuploads is also noteworthy.

Whether Google bears responsibility for how it has implemented the content moderation system on YouTube remains an open question. However, it is hard to believe that the problem cannot be addressed with modern technologies like artificial intelligence and machine learning.

In the most recent recorded attack, perpetrators targeted YouTube users searching for cracked versions of legitimate video editors, such as Vegas Pro. In these phishing videos, the attackers employ social engineering techniques, enticing viewers to click on links in the video description, which lead to the download of a fake installer from the file-sharing service MediaFire.

This installer contains a malicious LNK file, disguised as an executable setup file, which covertly downloads a .NET loader from a GitHub repository. The loader then verifies that it is not running on a virtual machine, after which Lumma Stealer begins its operation on the compromised system.
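As an added defensive illustration (not code from the FortiGuard report), the following Python check inspects the members of a downloaded archive for the disguise described above: a Windows shortcut (.lnk) whose name masquerades as an installer. It recognises shortcuts by the Shell Link header rather than by name alone, so a renamed file is still caught; the archive and its file names are constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Windows Shell Link (.lnk) files begin with HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian GUID layout.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")
# Extensions a user expects an installer to carry. A .lnk hiding behind one of
# them (e.g. "Setup.exe.lnk", displayed as "Setup.exe" when Explorer hides
# known extensions) is the disguise the article describes.
EXEC_LIKE = {".exe", ".msi", ".bat", ".cmd"}

def inspect_entry(name: str, data: bytes) -> list[str]:
    """Return the reasons an archive member looks like a disguised shortcut."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if data[:len(LNK_MAGIC)] == LNK_MAGIC:
        reasons.append("content has Windows Shell Link header")
    if suffixes and suffixes[-1] == ".lnk":
        reasons.append("extension is .lnk")
    if len(suffixes) >= 2 and suffixes[-2] in EXEC_LIKE:
        reasons.append(f"double extension masquerades as {suffixes[-2]}")
    return reasons

def scan_archive(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each suspicious member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Only the first 20 bytes are needed to recognise a shortcut file.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            reasons = inspect_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_archive() -> bytes:
    """Constructed test archive (not a real sample): a shortcut posing as an installer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("VegasPro_Setup.exe.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("README.txt", b"Run the setup file to install.\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in scan_archive(build_sample_archive()).items():
        print(f"{name}: {'; '.join(reasons)}")
```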

Lumma Infostealer, written in C and sold on underground forums since late 2022, is capable of collecting and transmitting confidential data to a server controlled by attackers. According to some reports, the malware was first detected in real attacks as far back as 2018.

In October 2023, we reported on the distribution of this insidious malware via Discord bots exploiting the API of the popular platform for gamers.

For effective protection against info stealers like Lumma and other cyber threats, it is advisable to think twice before running applications downloaded from dubious sources. It is best to use only official channels for downloading any software and to equip oneself with a reliable antivirus solution to further enhance security.