Be careful! After WhatsApp, Google Play Store, hackers use YouTube malware to trap users; meet PennyWise
After many cases of malware fraud were discovered on WhatsApp and the Google Play Store, new cases have surfaced on YouTube. They steal passwords, Telegram messages and even take screenshots. Know all about this malicious YouTube malware.
After many cases malware Fraud detected on WhatsApp and Google Game Store, new ones have appeared on YouTube. They steal passwords, Telegram messages and even take screenshots. So if you’re scrolling through YouTube video, then be careful! Some of these videos may lead to your device being hacked! This is because hackers are using YouTube as a media to spread new stolen malware called PennyWise that learns all possible information about you. New PennyWise malware has been discovered by Cyble Research Labs network researchers, who have discovered more than 80 YouTube videos that potentially put you at risk. The malware focuses on stealing sensitive browser data and cryptocurrency wallets from the victim’s device.
Cybersecurity researchers have found these videos have only a few views belonging to the same YouTube account. Most of these videos demonstrate how a bitcoin mining software works, in order to get users to download the software using the download link shared in the video’s description. To make it more legit, the file comes with password protection and a link to VirusTotal, which confirms the file is “clean” and safe to proceed. Incredibly, it also shows a warning that some anti-virus programs may trigger a false positive warning.
The dangers of PennyWise malware
After the user downloads this file, it creates PennyWise malware in the system. According to cybersecurity experts, malware is capable of stealing almost any type of data! The Pennywise malware was able to obtain links for a number of different browsers it targets, including more than 30 Chrome-based browsers, 5 Mozilla-based browsers, Opera, and Microsoft Edge.
This malware is capable of stealing information from system details to login. Even cookies, encryption keys, master passwords, Discord tokens, and Telegram sessions. Furthermore, it is capable of taking screenshots while scanning the device for potential crypto wallets or any crypto-related browser add-ons. After collecting all the data, the hacker can compress it into a single file.
Interestingly, the malware tries to identify the victim’s country, and if that country belongs to Russia, Ukraine, Belarus, and Kazakhstan, it will completely stop all activities. Reports suggest it may be because hackers are trying to avoid Law Enforcement surveillance in these specific countries for reasons that are not yet clear.
