Skip to main content

Hackers are using AI to spread dangerous malware on YouTube

YouTube is the latest frontier where AI-generated content is being used to dupe users into downloading malware that can steal their personal information.

As AI generation becomes increasingly popular on several platforms, so does the desire to profit from it in malicious ways. The research firm CloudSEK has observed a 200% to 300% increase in the number of videos on YouTube that include links to popular malware sources such as Vidar, RedLine, and Raccoon directly in the descriptions since November 2022.

Recommended Videos

The videos are set up as tutorials for downloading cracked versions of software that typically require a paid license for use, such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, among others.

Bad actors benefit by creating AI-generated videos on platforms such as Synthesia and D-ID. They create videos that feature humans with universally familiar and trustworthy features. This popular trend has been used on social media and has long been used in recruitment, educational, and promotional material, CloudSEK noted.

‍The combination of the previously mentioned methods makes it so users can easily be tricked into clicking malicious links and downloading the malware infostealer. When installed, it has access to the user’s private data, including “passwords, credit card information, bank account numbers, and other confidential data,” which can then be uploaded to the bad actor’s Command and Control server.

Other private info that might be at risk to infostealer malware includes browser data, Crypto wallet data, Telegram data, program files such as .txt, and System information such as IP addresses.

‍While there are many antiviruses and endpoint detection systems on top of this new brand of AI-generated malware, there are also many information stealer developers around to ensure the ecosystem remains alive and well. Though CloudSEK noted that the bad actors sprung up alongside the AI revolution in November 2022, some of the first media attention of hackers using ChatGPT code to create malware didn’t surface until early February.

Information stealer developers also recruit and collaborate with traffers, other actors who can find and share information on potential victims through underground marketplaces, forums, and Telegram channels. Traffers are typically the ones that provide the fake websites, phishing emails, YouTube tutorials, or social media posts on which information stealer developers can attach their malware. There has also been a similar scam with bad actors hosting fake ads on social media and websites for the paid version of ChatGPT.

However, on YouTube, they are taking over accounts and uploading several videos at once to get the attention of the original creator’s followers. Bad actors will take over both popular accounts and infrequently updated accounts for different purposes.

Taking over an account with over 100,000 subscribers and uploading between five and six malware-laced videos is bound to get some clicks before the owner gains control of their account again. Viewers might identify the video as nefarious and report it to YouTube, which will ultimately remove it. A less popular account might have infected videos live and the owner might not be aware for some time.

Adding fake comments and shortened bit.ly and cutt.ly links to videos also makes them appear more valid.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
ChatGPT’s Advanced Voice feature is finally rolling out to Plus and Teams subscribers
The Advanced Voice Mode's UI

OpenAI announced via Twitter on Tuesday that it will begin rolling out its Advanced Voice feature, as well as five new voices for the conversational AI, to subscribers of the Plus and Teams tiers throughout this week. Enterprise and Edu subscribers will gain access starting next week.

https://x.com/OpenAI/status/1838642444365369814

Read more
ChatGPT: the latest news and updates on the AI chatbot that changed everything
ChatGPT app running on an iPhone.

In the ever-evolving landscape of artificial intelligence, ChatGPT stands out as a groundbreaking development that has captured global attention. From its impressive capabilities and recent advancements to the heated debates surrounding its ethical implications, ChatGPT continues to make headlines.

Whether you're a tech enthusiast or just curious about the future of AI, dive into this comprehensive guide to uncover everything you need to know about this revolutionary AI tool.
What is ChatGPT?
ChatGPT (which stands for Chat Generative Pre-trained Transformer) is an AI chatbot, meaning you can ask it a question using natural language prompts and it will generate a reply. Unlike less-sophisticated voice assistant like Siri or Google Assistant, ChatGPT is driven by a large language model (LLM). These neural networks are trained on huge quantities of information from the internet for deep learning — meaning they generate altogether new responses, rather than just regurgitating canned answers. They're not built for a specific purpose like chatbots of the past — and they're a whole lot smarter. The current version of ChatGPT is based on the GPT-4 model, which was trained on all sorts of written content including websites, books, social media, news articles, and more — all fine-tuned in the language model by both supervised learning and RLHF (Reinforcement Learning From Human Feedback).
When was ChatGPT released?
OpenAI released ChatGPT in November 2022. When it launched, the initial version of ChatGPT ran atop the GPT-3.5 model. In the years since, the system has undergone a number of iterative advancements with the current version of ChatGPT using the GPT-4 model family. GPT-5 is reportedly just around the corner. GPT-3 was first launched in 2020, GPT-2 released the year prior to that, though neither were used in the public-facing ChatGPT system.
Upon its release, ChatGPT's popularity skyrocketed literally overnight. It grew to host over 100 million users in its first two months, making it the most quickly-adopted piece of software ever made to date, though this record has since been beaten by the Twitter alternative, Threads. ChatGPT's popularity dropped briefly in June 2023, reportedly losing 10% of global users, but has since continued to grow exponentially.
How to use ChatGPT
First, go to chatgpt.com. If you'd like to maintain a history of your previous chats, sign up for a free account. You can use the system anonymously without a login if you prefer. Users can opt to connect their ChatGPT login with that of their Google-, Microsoft- or Apple-backed accounts as well. At the sign up screen, you'll see some basic rules about ChatGPT, including potential errors in data, how OpenAI collects data, and how users can submit feedback. If you want to get started, we have a roundup of the best ChatGPT tips.

Read more
Hackers are leveraging pirated games to spread malware
A man stands in front of a gaming PC.

Pirated or cracked versions of games have long been a hotbed for malware distribution, and cybercriminals are now using CAPTCHA challenges to make their attacks even more effective.

According to a recent report by McAfee Labs, attackers are leveraging CAPTCHA to trick users into thinking that malicious websites or downloads are legitimate. Security researchers first detected the use of CAPTCHAs in malware delivery schemes last month.

Read more