NCC-CSIRT warns against pirated YouTube software-related malware
March 27, 2023
The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned against pirated YouTube software-related malware.
NCC-CSIRT warned those looking to acquire pirated software and resources, adding that they risk becoming victims of cybercriminal gangs that are using AI-generated YouTube videos to distribute malware.
NCC’s Director of Public Affairs, Dr Reuben Muoka, made this known in a statement on Sunday in Abuja.
Muoka said NCC-CSIRT further warned in its advisory that the consequences of falling victim can be significant for individuals and organisations.
This, he said, would result in critical damage like data theft, financial loss, identity theft, system damage, and reputation damage.
“Unsuspecting victims who watch these AI-generated tutorial videos will be duped into clicking on one of the links in the video description.
“It usually results in the download of data-stealing malware.
“The number of YouTube videos containing such links had increased by 200-300 per cent month-on-month since November 2022,” Mouka said.
According to the advisory, to stimulate the interest of potential victims, video tutorials on how WQAato pirate sought-after software such as AutoCAD, Adobe Photoshop, Adobe Premiere Pro, and other similar paid-for software were created.
“These videos are created with AI and feature humans with facial features that research has shown other humans find trustworthy.
“The tutorials in these videos are frequently bogus and steer viewers to links in the description that led to information-stealing malware like Raccoon, Vidar, and RedLine,” Mouka added.
He said malicious actors can create AI-generated videos that include hidden or disguised malware.
Mouka said these videos may appear to be harmless or even entertaining, but they can contain malicious code that can infect a viewer’s device when the video was downloaded or played.
He said cybercriminal actors can also use AI-generated videos to trick viewers into downloading malware.
Mouka said: “For example, they can create a video that appears to be a legitimate software update or security patch, but it contains malware that infects the viewer’s device.
“They equally use AI-generated videos to distribute phishing scams.
“They can create a video that appears to be from a legitimate company or organisation and prompts viewers to click on a link to enter their login credentials or personal information.
“Once the viewer clicks on the link, they are directed to a fake website that steals their information.”
He also said that malicious actors can use AI-generated videos to distribute ransomware.
Mouka added: “They can create a video that appears to be harmless, but when the viewer clicks on a link or downloads a file associated with the video,
“Their device becomes infected with ransomware that locks them out of their files and demands payment to regain access.
“To avoid becoming a victim, telecom consumers should avoid downloading pirated software because they are generally harmful and illegal.”
He said that the advisory recommended installation of antivirus software with internet security.
Mouka advised the public to keep up to date by installing an endpoint detection and response (EDR) solution that was comprehensive, and thinking before clicking any link.