- Malicious TradingView ads extend to YouTube through hijacked accounts and fake videos
- Android users were attacked with Brokewell malware capable of stealing data and enabling remote access
- The YouTube campaign now delivers Trojan.Agent.GOSL through a custom downloader
If you remember the fake TradingView malvertising campaign recently seen on Meta, then bad news: experts have discovered that it has now expanded through Google Ads to YouTube.
Bitdefender security researchers discovered a major malvertising campaign on Meta after the threat actors managed to compromise a Facebook business account that belonged to a design agency in Norway, using it to run at least 75 malicious ads that promoted a fake “TradingView Premium” application.
The fake application, aimed specifically at Android users, delivered Brokewell, a piece of malware capable of capturing login credentials through overlay screens, as well as intercepting session cookies. It can also record a wide range of user actions, such as taps, swipes and text inputs, and it can obtain information such as call logs, geolocation, audio calls and more. Finally, the newest variants can serve as a full-fledged remote access trojan (RAT), giving the attackers remote control of the device.
Stealing YouTube accounts
Now, almost a month later, the researchers found a legitimate YouTube account that was hijacked and renamed to look almost identical to the real TradingView account. The crooks uploaded videos promoting the same fake platform, but kept them unlisted to avoid public scrutiny, being flagged and, ultimately, being taken down.
One of those videos got more than 180,000 views in just a few days, showing how powerful the malvertising campaign really is.
There is no way to know how many people actually fell for the trick and installed malware on their devices, but we do know that Brokewell is not the one being distributed through YouTube.
Instead, the campaign delivers a custom downloader that eventually drops Trojan.Agent.GOSL, also known as Jsteal and Weevilproxy.
The best way to stay safe is to use common sense and not trust ads that offer premium versions of different tools for free.
In addition, users should check whether the videos are unlisted or lead to third-party download links. Software should only be downloaded from official sites, and suspicious ads should be reported to Google or YouTube.
TradingView is a worldwide platform for tracking financial markets, charting and sharing trading ideas.