After multiple cases of malware fraud were discovered on WhatsApp and Google Play Store, new ones have popped up on YouTube. These steal passwords, Telegram messages, and even take screenshots. Know all about this malicious YouTube malware.
If you are scrolling your way through YouTube videos, beware: some of these videos can end up compromising your device. Hackers are using YouTube as a carrier to spread a new stealer malware dubbed PennyWise, which tries to learn all possible information about you. PennyWise was discovered by researchers at Cyble Research Labs, who uncovered more than 80 videos on YouTube that have the potential to leave you in danger. The malware focuses on stealing sensitive browser data and cryptocurrency wallets from the victim’s device.
The researchers found that these videos, each with only a few views, belong to the same YouTube account. Most of them illustrate how a piece of bitcoin mining software operates, in an attempt to make users download the software through a link shared in the video description. To make it look more legitimate, the file comes with password protection and a link to VirusTotal, which confirms the file as “clean” and safe to proceed with. Shockingly, it also shows a warning that some antivirus programs may trigger a false positive alert.
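As an added illustration (not code from Cyble or from this article), the lure traits described above can be combined into a simple triage heuristic for video descriptions. The patterns, weights, threshold and both sample descriptions are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Patterns, weights and threshold are assumptions for this example,
# not published PennyWise signatures.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PASSWORD_RE = re.compile(r"\b(?:password|passcode|pass|pwd)\b\s*(?:is\b|[:=-])\s*\S+", re.I)
FALSE_POSITIVE_RE = re.compile(r"false[\s-]?positive", re.I)
MINING_RE = re.compile(r"\b(?:bitcoin|btc|crypto)\b[^.\n]{0,40}\bmin(?:er|ing)\b", re.I)

WEIGHTS = {
    "download_link": 1,      # any non-VirusTotal link in the description
    "mining_software": 1,    # bitcoin/crypto mining theme
    "archive_password": 2,   # password handed out next to the download
    "virustotal_link": 2,    # "clean" scan offered as proof of safety
    "av_false_positive": 3,  # viewer told to expect antivirus alerts
}
REVIEW_THRESHOLD = 6

def _is_virustotal(host):
    return host == "virustotal.com" or host.endswith(".virustotal.com")

def lure_traits(description):
    """Return the set of lure traits found in a video description."""
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(description)]
    traits = set()
    if any(h and not _is_virustotal(h) for h in hosts):
        traits.add("download_link")
    if any(_is_virustotal(h) for h in hosts):
        traits.add("virustotal_link")
    if PASSWORD_RE.search(description):
        traits.add("archive_password")
    if FALSE_POSITIVE_RE.search(description):
        traits.add("av_false_positive")
    if MINING_RE.search(description):
        traits.add("mining_software")
    return traits

def lure_score(description):
    return sum(WEIGHTS[t] for t in lure_traits(description))

def needs_review(description):
    return lure_score(description) >= REVIEW_THRESHOLD

# Constructed sample descriptions (not taken from real videos).
LURE = ("Free Bitcoin miner 2022, works on any PC!\nDownload: https://files.example/miner.rar\n"
        "Password: 1234\nScan: https://www.virustotal.com/gui/file/EXAMPLE\n"
        "Some antivirus programs may show a false positive alert.")
BENIGN = "How Bitcoin mining works, explained with diagrams.\nSlides: https://slides.example/mining-101"
```

A single trait is common in legitimate videos; it is the combination of a passworded download, a "clean" scan link and a pre-emptive antivirus warning that pushes a description over the threshold.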
The danger of PennyWise malware
Once a user downloads this file, it ends up planting the PennyWise malware in the system. According to cybersecurity experts, the malware is capable of stealing almost all kinds of data! PennyWise can obtain the path for several different browsers it targets, including more than 30 Chrome-based browsers, 5 Mozilla-based browsers, Opera, and Microsoft Edge.
This malware is capable of stealing information ranging from system details to login credentials, and even cookies, encryption keys, master passwords, Discord tokens and Telegram sessions. Moreover, it is capable of taking screenshots while scanning the device for potential cryptocurrency wallets or any crypto-related browser add-ons. Once the hackers are done collecting all the data, it can be compressed into a single file.
Interestingly, the malware tries to identify the victim’s country, and if the country is Russia, Ukraine, Belarus, or Kazakhstan, it completely stops all operations. Reports suggest that the hackers may be trying to avoid scrutiny by law enforcement agencies in these particular countries, for reasons that are as yet unclear.