Threat actors are incorporating AI-generated identities into YouTube videos to load stealth malware and begin phishing campaigns in an effort to capitalize on the perception that people trust human faces in general.
As per details, Artificial Intelligence is being used to generate videos pretending to be step-by-step tutorials on how to access programs like Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and others without a license. Instead, the videos are loaded with infostealer malware that scrapes the viewer’s sensitive personal data stored on the device.
The videos spotted by researchers are masked as tutorials on ways to download free versions of software like Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, etc. that are only available to paid users.
Researchers with CloudSEK measured a month-over-month increase of 200% to 300% since November 2022 of AI-created YouTube videos with links to infostealer malware, including Vidar, RedLine, and Raccoon.
Researchers for the contextual AI company said the videos lure users by pretending to be tutorials on how to download cracked versions of software only available to paid users such as Photoshop, Premiere Pro, Autodesk 3ds Max and AutoCAD. The threat actors use previous data leaks, phishing techniques and stealer logs to take over existing YouTube accounts.
Infostealers can steal information like passwords, credit card information, bank account numbers, and more from users if they mistakenly end up clicking on a malicious link that downloads a file. Once the information is stolen, it is shared with the attacker’s server.
This is a worrying trend, given that YouTube has over 2.5 billion active monthly users, and it’s not a stretch to assume that not everyone on the platform is well-versed in ways to protect yourself from threat actors.
“It is well known that videos featuring humans, especially those certain facial features, appear more familiar and trustworthy,” the CloudSEK report explained. “Hence, there has been a recent trend of videos featuring AI-generated personas, across languages and platforms (Twitter, Youtube, Instagram), providing recruitment details, educational training, promotional material, etc. And threat actors have also now adopted this tactic.”
