Links from YouTube video captions are being used to hide password-stealing malware

Definitely do not cross this RedLine

Malware can hide inside perfectly innocent-looking Play Store apps. One day you download something for two-factor authentication or even an app that looks like it was built to clean viruses off your phone and the next thing you know a hacker in Russia is logging in to your bank account. Malicious software can pretty much hide anywhere, not just app stores, and that includes captions for YouTube videos. In this case, the malware in question wants to steal your passwords and links to it have been associated with videos claiming to provide hacks and cheats for games.

This example was reported by the Korean security researchers at ASEC and surfaced via Bleeping Computer. The malware in this instance has been dubbed RedLine, and it is built to steal a great deal of sensitive information once it reaches a device. ASEC discovered links to download RedLine in the caption of a YouTube video that claimed to offer hacks for the free Windows game “Valorant.” According to Bleeping Computer, it isn’t hard for links of this kind to sneak onto the platform, because “threat actors find it easy to bypass YouTube’s new content submission reviews or create new accounts when reported and blocked.”

So – say you’re a frustrated gamer looking to find something called an “auto-aiming bot” to help you level up in a shooter like “Valorant” and you find a video promoting a cheat with a link in the caption. It might take you to a file with a name like “Cheat installer.exe.” You download it thinking you’ll be able to insert it into the game and start racking up points, but what you’ve actually done is given RedLine a doorway to your private information. Asec listed all the data it can steal, and it includes passwords, credit card numbers, information saved for AutoFill forms, bookmarks, and cookies. RedLine can also drain crypto accounts and targeted wallets include Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, and Jaxx. Researchers also found that RedLine uses Discord to send information back to the malware’s command and control system – a recent but not uncommon development.
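The chain described above (a lure executable downloaded from a caption link, then stolen data posted back over Discord) leaves a simple footprint a defender can look for: a process that was launched from a Downloads or Temp folder and that is not a browser or the Discord client, yet POSTs to a Discord webhook URL. The script below is an added example, not code from ASEC, Bleeping Computer or the article; it assumes a constructed, simplified endpoint log format (one JSON object per line with `process`, `image_path`, `method`, `host` and `path` fields), and the allow-list of processes expected to use webhooks is an illustrative assumption, not a vendor list.

```python
"""Heuristic triage of endpoint network events for stealer-style webhook exfiltration.

Added example; the log format, sample events and allow-list are constructed
assumptions for illustration, not data from the article or from ASEC.
"""
import json
from dataclasses import dataclass, field
from typing import Iterable, List

# Discord webhook endpoints live under this path on these hosts.
DISCORD_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH_PREFIX = "/api/webhooks/"

# Processes we expect to post to Discord webhooks in this environment
# (assumption for the example; tune to what your fleet actually runs).
EXPECTED_WEBHOOK_CLIENTS = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Directories a freshly downloaded lure typically executes from (assumption).
USER_WRITABLE_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")


@dataclass
class Finding:
    line_no: int
    process: str
    reasons: List[str] = field(default_factory=list)


def is_webhook_post(event: dict) -> bool:
    """True when the event is an HTTP POST to a Discord webhook URL."""
    return (
        event.get("method", "").upper() == "POST"
        and event.get("host", "").lower() in DISCORD_HOSTS
        and event.get("path", "").startswith(WEBHOOK_PATH_PREFIX)
    )


def launched_from_user_dir(image_path: str) -> bool:
    """True when the executable's on-disk path sits in a user-writable drop folder."""
    lowered = image_path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_DIRS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per webhook POST that looks like it came from a lure binary."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(lines, start=1):
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed or truncated line: skip rather than crash the sweep
        if not is_webhook_post(event):
            continue
        process = event.get("process", "")
        reasons = []
        if process.lower() not in EXPECTED_WEBHOOK_CLIENTS:
            reasons.append(f"webhook POST from unexpected process {process!r}")
        if launched_from_user_dir(event.get("image_path", "")):
            reasons.append("executable runs from a user-writable download/temp directory")
        if reasons:
            findings.append(Finding(line_no, process, reasons))
    return findings


# Constructed sample events: one benign browser webhook call, one lure-style
# binary posting to a webhook, one unrelated mail client, one Discord API GET.
_SAMPLE_EVENTS = [
    {"process": "chrome.exe", "image_path": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "method": "POST", "host": "discord.com", "path": "/api/webhooks/1111/aaaa"},
    {"process": "Cheat installer.exe", "image_path": r"C:\Users\alice\Downloads\Cheat installer.exe",
     "method": "POST", "host": "discord.com", "path": "/api/webhooks/2222/bbbb"},
    {"process": "outlook.exe", "image_path": r"C:\Program Files\Microsoft Office\root\Office16\outlook.exe",
     "method": "POST", "host": "outlook.office365.com", "path": "/api/v2.0/me/sendmail"},
    {"process": "discord.exe", "image_path": r"C:\Users\alice\AppData\Local\Discord\app-1.0\Discord.exe",
     "method": "GET", "host": "discord.com", "path": "/api/v9/users/@me"},
]
SAMPLE_LOG = [json.dumps(e) for e in _SAMPLE_EVENTS] + ["<truncated line, not JSON>"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.process}")
        for r in f.reasons:
            print(f"  - {r}")
```

Only the constructed “Cheat installer.exe” event is flagged, with both reasons; the browser’s webhook POST, the mail client and the real Discord client’s GET all pass. In practice this heuristic is a triage filter, not a verdict: a legitimate script that posts build notifications to a webhook from a Temp folder would also surface, so the allow-list and directory markers need tuning to your own environment.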

Delivering malicious software through a YouTube lure isn’t exactly new, but researchers report it still isn’t as common as methods like phishing emails and SMS. The Infosec Institute analysis of RedLine indicates it began showing up more often in 2021, and it looks set to keep spreading as threat operators find new and more creative ways to trick users into popping their poison pills. A good rule of thumb in this case? It might seem self-evident, but whatever you do, do not trust random links found in YouTube captions or comments.
