Another piece of news from the cybersecurity community. The RedLine malware is now spreading via YouTube using the NFT theme.
As we can see, anything new that becomes popular draws the attention of scammers. This time, attackers are using the popular YouTube platform.
Researchers have uncovered a new campaign to spread the RedLine Stealer – a low-cost password stealer sold on underground forums – through a series of YouTube videos that take advantage of global interest in NFTs.
The lure is a bot’s offer to allow a user to automatically purchase Binance NFT Mystery Boxes when they become available. The bot is fake, however. Video descriptions on YouTube pages lead victims to unwittingly download RedLine Stealer from a GitHub link, according to Gustavo Palazolo, malware analyst at Netskope Threat Labs.
Hackers deploying the malware launched thousands of attacks against systems in more than 150 countries and territories in April.
RedLine allows attackers to access system information such as usernames, hardware, installed browsers, and antivirus software before exfiltrating passwords, credit cards, crypto wallets, and VPN connections to a remote command and control server.
With RedLine Stealer, hackers can extract login credentials from web browsers, FTP clients, email apps, instant messaging clients, and VPNs before selling them on underground markets.
The malware does not run, Palazolo said, if the infected computer is detected in one of these countries:
Armenia
Azerbaijan
Belarus
Kazakhstan
Kyrgyzstan
Moldova
Russia
Tajikistan
Ukraine
Uzbekistan
https://ikoku-news.com/nft/password-stealer-now-propagates-from-a-github-link-that-uses-nft-content-as-bait/