Earlier this month, FortiGuard Labs discovered a persistent malware campaign targeting YouTube users searching for unlicensed software. Videos promoting downloads of cracked (pirated) software are posted on YouTube by established channels with sizable subscriber bases. Viewers are lured into running malicious files that install several malware families on their systems, with the goal of harvesting login credentials, cryptojacking, and stealing cryptocurrency from wallets.
Other researchers have examined this campaign and published a report on it. While there is some overlap with what we observed, this analysis adds new findings, including a third malware family delivered to victims. This article covers the full attack chain and the technical details of each malware component that makes up the campaign.