Fraudulent Binance non-fungible token mystery box bots are being promoted on YouTube as part of a new campaign aimed at distributing the RedLine malware.
Attackers have been creating YouTube videos that lure viewers into downloading a free mystery box scalper bot, which actually contains malware, a Netskope report found. The videos, which were uploaded to the video streaming platform from March to April, were found to have a link redirecting to a GitHub repository distributing the RedLine info-stealer malware.
Researchers discovered that the VC redistributable installer was crucial in executing RedLine, which was programmed not to attack host devices located in Russia, Ukraine, Armenia, Azerbaijan, Belarus, Moldova, Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan.
YouTube moderators may have already taken down the videos promoting fake Binance NFT mystery boxes that had higher view counts.
Meanwhile, BleepingComputer also discovered a free "Binance NFT Bot" being promoted in more recent YouTube campaigns, which VirusTotal reported as deploying a password-stealing trojan.