
How YouTube Became a Ghost Network

Dec 2, 2025 | GhostNetwork, malware, Ophtek, Security, Security Threats, YouTube

Malicious YouTube videos are tricking users into installing malware, spreading a hidden “ghost network” across thousands of PCs.

Cybercriminals have recently turned their attention towards a new battleground: YouTube. Yes, rather than relying on phishing emails or malicious websites, they’re now hiding their malware in what appear to be harmless videos. Many of the videos in this campaign use the promise of free downloads for popular software and games to entice victims. However, the links used in these videos lead to nothing but malware which can steal data, hijack PCs, and quietly force them into a vast network of infected machines.

The average PC user may not pick up on the dangers of YouTube videos. After all, it’s YouTube, a legitimate entertainment platform. Unfortunately, nothing is ever as it seems online. And that’s why Ophtek is here to show you how to stay safe.

A Silent Threat on YouTube

The campaign has been dubbed Ghost Network by security researchers, and this name underlines exactly how it spreads and operates. Tempted by a YouTube video which promises a free version of a popular application or game – such as Photoshop or Roblox – users are encouraged to click a link in the video description. This link, the user is promised, will take them to a free download of the software. But all this link will deliver is malware.

Once this malware is installed, it gets to work by stealthily recording keystrokes and giving attackers access to usernames, passwords, and sensitive data such as banking information. It also has the power to download and install additional malicious software. Worse still, it’s sophisticated enough to pull the PC into a botnet – the threat actors can then use the infected PC to help send spam, launch further attacks, and mine cryptocurrency with the hijacked resources.

The attack itself is highly organized. Numerous YouTube channels have been set up to host multiple malicious videos to help maximize the reach of this threat. Links are frequently rotated and videos are constantly being taken down and then reuploaded, all of which makes it harder for security software to detect the threat and for YouTube to remove it.

The hackers have also proved to be innovative when it comes to making the videos appear trustworthy. By posting hundreds of fake ‘positive’ comments under these videos, the threat actors are playing a psychological game where they trick victims into assuming the content is safe.

Protecting Yourself Against the Ghost Network

The Ghost Network represents a major threat for anyone who sets foot on YouTube – for context, YouTube gets around 2.5 billion visitors per month. Accordingly, you need to know how to stay safe, so make sure you follow Ophtek’s top tips:

  • Think Before You Click: If it sounds too good to be true, it’s unlikely to be what you’re expecting. This is why you should never download software from unverified sources, no matter how official it looks. Always stick to trusted and official websites.
  • Keep Your Software Updated: Malware often exploits vulnerabilities on PCs, so it’s crucial that you regularly install software updates and patches to secure your system.
  • Be Wary of YouTube Links: Avoid clicking links listed in YouTube video descriptions unless you know they’re 100% legitimate. Unusual links – or those which use URL shorteners such as Bitly – should be avoided, as a shortened link hides its real destination and makes it difficult to determine whether it will take you to a malicious site.

For more ways to secure and optimize your business technology, contact your local IT professionals.