Author Topic: [Read]: YTStealer Malware  (Read 140 times)
btc_angela (OP)
July 07, 2022, 08:29:43 AM
Merited by Pmalek (1), inthelongrun (1), cryptomaniac_xxx (1)
 #1

Well, in the last couple of years, we've heard that YouTube has been a target for cyber criminals as well. I think there was a period wherein a lot of accounts were hacked, especially those with a lot of subscribers, and then used to spread crypto scams, and it was a very effective method as it netted money for these cyber actors.

And so recently, there was a particular malware that only targets YouTube, called YTStealer Malware.

Quote
YTStealer is a malware whose objective is to steal YouTube authentication cookies.

So you might ask the question, how is this malware spread?

Well, some of us who are on YouTube obviously need some video editing software, and that's where the criminals spread it.

Quote
One of the groups is “Digital, Image, and Video software”. We found fake installers for OBS Studio, an open-source streaming software. Additionally, we identified a few video editing software installers which included Adobe Premiere Pro, Filmora, and HitFilm Express. In the audio category, we identified fake installers for digital audio workstation (DAW) applications and plugins. This included the DAWs Ableton Live 11 Suite and FL Studio. The plugins included the infamous Antares Auto-Tune Pro, but also Valhalla DSP, FabFilter Total, and Xfer Serum.

And then the next target is the gamers.

Quote
The second group is what we call “Game mods and cheats”. The games match popular games used by streamers and content creators. We identified fake installers for the FiveM Grand Theft Auto V mod, different “hacks” for Roblox, and cheats for Counter-Strike Go, and Call of Duty. A variant of the Valorant hack reported on by AhnLab earlier was also discovered. Valorant “gamers” were also targeted by a “Skin Changer”.

And in conjunction with this, the device drivers:

Quote
In this group, we found fake installers for tools such as “Driver Booster” and “Driver Easy”.

And the last group, and this is universal and "some" of us might fall in this category:

Quote
The last group is for other software and “cracks”. Here we identified anything from fake installers for security products, such as Norton Security and Malwarebytes to “token generators” and “cracks” for services such as Discord Nitro, Stepn, and Spotify Premium.

The overwhelming part of these fake installers are for pirated versions of the software, but we also see some fake installers for game mods. This finding should further stress the importance of only obtaining software from trusted sources. Only obtain software directly from the vendor or “modding” group.

For a detailed technical explanation you can read it here: https://www.intezer.com/blog/research/ytstealer-malware-youtube-cookies/

So again, we shouldn't make a practice of downloading fake and cracked software, especially if you are into crypto, because this is where these hackers and cyber criminals get hold of your PC or laptop and then go on to steal all the personal data, especially crypto, from our machine, and once you are affected, you really don't know about it until it's too late.


Pmalek
July 07, 2022, 08:39:10 AM
 #2

If you have the luxury of using multiple computers or laptops, use only one of your devices for things like gaming, torrenting, experimental/pirated software, pornography, etc. These activities should not take place on the same computers you use for work and your financials. In case you get infected with any type of malware, your work stuff, your crypto, and everything else related to your personal information and safety shouldn't be obtainable from that device.   

NeuroticFish
July 07, 2022, 09:02:51 AM
 #3

Quote from: Pmalek
If you have the luxury of using multiple computers or laptops, use only one of your devices for things like gaming, torrenting, experimental/pirated software, pornography, etc. These activities should not take place on the same computers you use for work and your financials. In case you get infected with any type of malware, your work stuff, your crypto, and everything else related to your personal information and safety shouldn't be obtainable from that device.

You don't even need the luxury of having two computers. You can easily install a VirtualBox, install your favorite OS on it and have a virtual computer for fishy stuff with almost no risk to the actual computer.
Of course, make sure you don't run cracks and keygens on your main computer because then you deserve your fate.

Pmalek
July 07, 2022, 09:22:32 AM
 #4

Quote from: NeuroticFish
You can easily install a VirtualBox, install your favorite OS on it and have a virtual computer for fishy stuff with almost no risk to the actual computer.

That's true. However, depending on the complexity of the malware, there have been cases of malware escaping the virtual environments and infecting the host computers due to some vulnerabilities in the software. Some malware can also detect if it is being run in a virtual box environment. So when you test it, it won't act maliciously to raise any suspicion. You might think it's clean, so you let it out yourself.

NeuroticFish
July 07, 2022, 09:41:29 AM
Merited by Pmalek (1)
 #5

Quote from: Pmalek
Quote from: NeuroticFish
You can easily install a VirtualBox, install your favorite OS on it and have a virtual computer for fishy stuff with almost no risk to the actual computer.
That's true. However, depending on the complexity of the malware, there have been cases of malware escaping the virtual environments and infecting the host computers due to some vulnerabilities in the software. Some malware can also detect if it is being run in a virtual box environment. So when you test it, it won't act maliciously to raise any suspicion. You might think it's clean, so you let it out yourself.

I'd guess that such "escapes" have happened simply because the network was not isolated correctly and they started attacking whatever they found in the local network, i.e. the host computer.
However, nothing is perfect; clearly a different computer is safer. However, using Virtual Box would probably make us avoid 99%+ of the cases.

Plus: I've never said to run the software again on the main computer, no. Unsafe software can stay in the virtual environment only. You don't know what can cause the program to "call home" and download the actual package, and you don't know when that will be. Such tests are to be done by professionals.

Text
July 07, 2022, 09:58:51 AM
 #6

Recently I was looking for video editing software that I would use in my video tutorial, and OBS Studio for screen recording was recommended to me. Fortunately, I know where I should download its installer, and that is only on its official website. So we should avoid downloading software from third-party hosting services, especially if they are not trustworthy. Sometimes we also encounter people sharing cracked software in other forums, and there are times when we forget what to avoid. Users should keep in mind the risks involved if they allow their accounts and other private information on their devices to be compromised rather than spending on a legitimate subscription.

Yaunfitda
July 07, 2022, 11:32:27 AM
 #7

I guess some of us here have, at one time, knowingly or unknowingly downloaded software that has malware in it. I will admit that I used to do that, but it was long ago, prior to joining crypto.

Yeah, even if you run it in a virtual box or sandbox, malware like this has the capability to detect the environment. As per the article:

Quote
The first thing it does when it’s executed is to perform some environment checks. This is to detect if the malware is being analyzed in a sandbox. The code that performs the checks comes from an open-source project hosted on GitHub called Chacal. Figure 1 shows a screenshot of the project’s readme file. The framework is marketing itself for Red Teams and pen-testers. It provides anti-debugging, anti-memory analysis, and anti-VM functionality.

Pmalek
July 07, 2022, 01:30:53 PM
 #8

And how many malware out there have such capability?
Probably not that many since it takes more time to create and customize such types of malware. They could maybe be created when an attacker is targeting a particular person or a company and wants to ensure that he gets what he wants. But the majority of the stuff you find in the wild is unlikely to possess such capabilities.

Lucius
July 07, 2022, 03:35:26 PM
 #9

Quote from: btc_angela
So again, we shouldn't make a practice of downloading fake and cracked software, especially if you are into crypto, because this is where these hackers and cyber criminals get hold of your PC or laptop and then go on to steal all the personal data, especially crypto, from our machine, and once you are affected, you really don't know about it until it's too late.

It's probably still something that a lot of people use (cracked software), but if you're already going in the direction of getting something cheap, then why not choose a license for certain software that is sold for just a few $ for the OS or most AV? In this way, you cannot infect your computer because you are not downloading any file, and you are downloading the program from a legitimate website.

Security can never have too high a price, but I understand some kid who doesn't even have money to eat a decent meal every day, and tries to get some software for free, even though it often turns out to be the most expensive way. When I was young and inexperienced back in the days of dial-up internet, one such crack cost me (actually my parents) a lot. I got infected by a dialer that called some exotic location and got a bill that was enormous, an expensive school from which I learned a lot.

Sandra_hakeem
July 07, 2022, 07:58:59 PM
 #10

Cyber securities are trying their best every single day to ensure the security of Bitcoin, and yet fraudulent and uneven acts still drive a lot of investors into penury. I read that these fraudsters don't just increase daily but they'll also go into well equipped studies and improve their luminosity, which makes, on the contrary, the effort of a little network of cyber securities futile.
I solemnly think that the solution is to deploy more enhanced securities. Bitcoin is freedom, fiat is slavery; FREEDOM is one thing, SAFETY is another.

Husires
July 08, 2022, 01:12:54 PM
 #11

I don't know, but can someone put, say, 1 BTC and download random programs from the Internet? How is he expected to keep his money?
It does not require you to have another computer, but rather to buy a hardware wallet or a USB and burn an open source operating system on it.

Quote from: NeuroticFish
However, nothing is perfect; clearly a different computer is safer. However, using Virtual Box would probably make us avoid 99%+ of the cases.

When viruses reach the core, it is hard to trust that the system is safe.
NeuroticFish
July 08, 2022, 01:24:22 PM
 #12

Quote from: Husires
I don't know, but can someone put, say, 1 BTC and download random programs from the Internet? How is he expected to keep his money?

I think that you may have missed a couple of words when writing this...

Quote from: Husires
Quote from: NeuroticFish
However, nothing is perfect; clearly a different computer is safer. However, using Virtual Box would probably make us avoid 99%+ of the cases.
When viruses reach the core, it is hard to trust that the system is safe.

Well, good luck convincing most of the world to throw away Windows and maybe iOS too.
On the other hand improving people's habits may not be a big hassle for those who care, but they're uninformed.
