Cybercriminals Using YouTube to Spread Malware

Web Servers Systems Networks Mobile Networks and Telephones
Advisory ID:
March 23, 2023


Cybercriminal gangs are using AI-generated YouTube videos to distribute malware. Unsuspecting victims who watch these AI-generated tutorial videos will be duped into clicking on one of the links in the video description, which usually results in the download of data-stealing malware. Since November 2022, the number of YouTube videos containing such links has increased by 200-300% month on month.

Description & Consequence

To stimulate the interest of potential victims, video tutorials on how to pirate sought-after software such as AutoCAD, Adobe Photoshop, Adobe Premiere Pro, and other similar paid-for software are created. These videos are created with AI and feature humans with facial features that research has shown other humans find trustworthy. The tutorials in these videos are frequently bogus and steer viewers to links in the description that lead to information-stealing malware like Raccoon, Vidar, and RedLine.

AI-generated YouTube videos can be used for malware distribution in several ways:

  1.   Malicious actors can create AI-generated videos that include hidden or disguised malware. These videos may appear to be harmless or even entertaining, but they can contain malicious code that can infect a viewer's device when the video is downloaded or played.
  2.    Malicious actors can use AI-generated videos to trick viewers into downloading malware. For example, they can create a video that appears to be a legitimate software update or security patch, but in reality, it contains malware that infects the viewer's device.
  3.    Malicious actors can use AI-generated videos to distribute phishing scams. They can create a video that appears to be from a legitimate company or organization and prompts viewers to click on a link to enter their login credentials or personal information. Once the viewer clicks on the link, they are directed to a fake website that steals their information.
  4.    Malicious actors can use AI-generated videos to distribute ransomware. They can create a video that appears to be harmless, but when the viewer clicks on a link or downloads a file associated with the video, their device becomes infected with ransomware that locks them out of their files and demands payment to regain access.


The consequences can be significant and can affect both individuals and organizations. Some of the consequences include:

  1. Data theft: These malware can steal sensitive information from a victim's device, such as login credentials, financial information, or personal data.
  2. Financial loss: These malware can cause financial losses for individuals and businesses by stealing funds or causing system downtime.
  3. Identity theft: These malware can be used to steal an individual's identity, which can result in financial and reputational harm.
  4. System damage: These malware can cause damage to a victim's device, resulting in costly repairs or replacements.
  5. Reputation damage: For businesses, a malware attack can damage their reputation, resulting in loss of customers and revenue.


Some precautions one can take to avoid becoming a victim include:

  1.  Avoid downloading pirated software because they are generally harmful and illegal.
  2. Install antivirus software with internet security and keep it up to date.
  3. Install an endpoint detection and response (EDR) solution that is comprehensive.
  4. Think before clicking any link.



Related Articles