Malicious software can hide pretty much anywhere: not just in app stores, but also in the captions and links of YouTube videos.
Recently, security analysts have spotted a malware distribution campaign that uses game cheat lures on YouTube to trick players into downloading a powerful information stealer.
The malware in this instance has been dubbed RedLine, and it will steal a lot of crucial information if it finds its way onto your device.
This type of abuse is quite common, as threat actors find it easy to bypass YouTube's reviews of newly submitted content, or to create new accounts once they are reported and blocked.
The Infosec Institute analysis indicates that this malware began to show up more often in 2021, and it looks like it will continue spreading as threat operators find new and more creative ways to trick users into downloading their malicious files.
A good rule of thumb in this case? It might seem self-evident, but whatever you do, don't trust random links found in YouTube captions. Even if the comments below these videos praise the uploader and claim the tool works as promised, those comments should not be trusted, as they can easily be faked.
In addition, if you have a good antivirus running in the background and scanning your device in real time, it will detect the malicious file at download time and alert you.