Cybercriminals are using fake IT support sites, promoted via YouTube videos, to spread information-stealing malware. These websites lure victims with the promise of easy fixes for common Windows errors which have reportedly affected millions of users since January this year, a report from Bleeping Computer said.
The malware can extract saved credentials including saved cookies, browsing history and credit or debit card information stored on the device.
Additionally, the malware can access cryptocurrency wallets, text files, and the files used for two-factor authentication. It can also take screenshots of the desktop, compromising the financial security of users.
The fake sites run by threat actors lure users with an easy fix, requiring them to copy and run code or import the contents of a Windows registry file. Once these are either run or imported on a device, they execute a script that connects the device to a remote server capable of installing information-stealing malware on the device.
To ensure the malware runs properly, users are asked to restart their devices, which launches the malware. Users are then greeted with a message claiming the Windows error has been fixed.
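A pre-import check for the registry-file lure described above, as an added example that is not from the original report. It assumes the file writes a command to the `Run` or `RunOnce` autostart keys (the article names no key, only that a restart launches the malware); `review_reg`, the patterns and the sample file are constructed for illustration.

```python
import re

# Assumption: only the per-user/per-machine Run and RunOnce keys are checked;
# the article does not say which key the fake "fix" files write to.
AUTOSTART = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
# Script hosts, shells and URLs that rarely belong in a legitimate error fix.
SUSPICIOUS = re.compile(
    r"\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b|https?://", re.I)
# A string value line: "name"="data" or @="data", with \" and \\ escapes.
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def review_reg(text):
    """Return (key, value_name, command) for risky autostart string values.

    `text` is the decoded file content (.reg exports are usually UTF-16LE).
    Only plain string values are inspected, not hex(2) expandable strings.
    """
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):      # "[-KEY]" deletes a key, adds nothing
                key = None
            continue
        m = VALUE.match(line)
        if key and m and AUTOSTART.search(key):
            name = unescape(m.group(1)) if m.group(1) is not None else "(Default)"
            data = unescape(m.group(2))
            if SUSPICIOUS.search(data):
                findings.append((key, name, data))
    return findings

# Constructed sample, not taken from any real campaign file.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WindowsFix"="powershell.exe -WindowStyle Hidden -File \"C:\\Users\\Public\\fix.ps1\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
'''

if __name__ == "__main__":
    for key, name, data in review_reg(SAMPLE):
        print(f"REVIEW BEFORE IMPORT: {key} -> {name} = {data}")
```

Any finding means the file schedules a script interpreter to run at the next sign-in, which matches the restart step of the lure and is not something a genuine error fix needs.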
Users are advised to ensure they download and install software patches only from trusted websites. Additionally, users should also refrain from taking advice from random videos that may be shared from hijacked accounts on YouTube.