"Doctor Web warns of a new trojan spreading through YouTube

26 March 2018
Doctor Web's experts announced the discovery of another Trojan spreading via the popular video hosting site YouTube.It is reported that the new malware, designated as Trojan.PWS.Stealer.23012, affects only Windows computers. Its distribution is very simple. The malicious users post a link to the Trojan in the comments section of YouTube videos, most frequently devoted to games. Curiously, in the majority of cases, the cybercriminals offer to download game-hacking programs or other cheat tools. Instead, unsuspecting victims download a self-extracting RAR archive to their computers, which is where the Trojan is hiding. Having infected the victim's computer, the malware starts gathering cookies and saved logins/passwords from most popular browsers, copies files from the desktop, takes screenshots, and steals other sensitive information. All data obtained by the malware is saved into the folder C:/PG148892HQ8. Then it packs the collected files into a spam.zip archive and sends them to a malicious server along with data on the location of the infected device. This, in turn, enables criminals not only to gain access to victims' accounts in various services but also to obtain confidential or personal information. As before, to ensure the safety of personal data, we recommend following basic rules of online security. In this case do not follow any suspicious links or download files from unverified sources. Besides, it would be a good idea to install a reliable anti-virus on your computer, such as, for example, Dr.Web, Kaspersky Anti-Virus or Eset Nod32.