PSA: Beware of these AI-generated YouTube videos that spread malware

If you’re searching for videos on YouTube, be on the look out for tutorial-style videos. Cybercriminals are using them to trick viewers into downloading malware.

Specifically, you’ll want to watch out for tutorial-style videos that claim to teach you how to download cracked versions of paid software like Photoshop, Premiere Pro, AutoCAD, and other licensed products. This most recent form of social engineering — a malicious attempt to manipulate someone into performing an action — has seen a 200%-300% month-on-month increase, according to AI cybersecurity firm CloudSEK.

The YouTube videos in question use a screen recording or audio walkthrough describing the steps on how to download and install the cracked software. And to give it that extra bit of legitimacy, the threat actors use platforms like Synthesia and D-ID to create AI-generated avatars that have a face that people would feel is familiar and trustworthy.

These videos appear to contain links to infostealer malware like Vidar, RedLine, and Raccoon, located in the description. So if you accidently click on the link in the description, you could end up downloading malware that steals your passwords, credit card information, bank account numbers, and other confidential data.

In addition, you’ll want to be careful in general as these cybercriminals are also finding ways to take over popular YouTube channels. In order to reach as many people as possible, these hackers target channels with 100K subscribers or more to upload their videos. While the uploaded video usually gets taken down and original owners regain access to their channel within hours, that’s still enough time for someone to click on the link.