Malware, Phishing

Hacked YouTube channels leveraged for Lumma Stealer distribution

Several YouTube channels have been compromised to distribute the Lumma Stealer information-stealing malware through videos purporting to share cracked versions of legitimate software, reports Hackread. Videos uploaded to the hacked YouTube channels included links redirecting to a file-sharing site hosting a continuously updated ZIP file, which facilitates the download of a private .NET loader that establishes a connection with GitHub repositories for the installation of encrypted binary data, a report from Fortinet FortiGuard Labs revealed. The attack also involved a DLL file used for Lumma Stealer payload decoding and further analysis-evasion techniques. Infection with Lumma Stealer then allows the exfiltration of users' personal and financial information, as well as login credentials, cryptocurrency funds, and browser extension data, according to researchers. The findings come months after live streams were exploited by threat actors to deploy the Redline info-stealing malware as part of a stream-jacking campaign.
