The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued a warning to people who are seeking to obtain pirated software and resources, stating that they could potentially fall victim to cybercriminal gangs that are using AI-generated YouTube videos to distribute malware.
These criminals are creating video tutorials that feature humans with trustworthy facial features and are focused on teaching people how to pirate software like AutoCAD and Adobe Photoshop. Unsuspecting victims who watch these AI-generated tutorial videos are being tricked into clicking on links that are included in the video description, leading to the download of data-stealing malware. The number of YouTube videos containing these links has increased significantly, with a 200-300% rise in recent months.
According to the advisory,
“To stimulate the interest of potential victims, video tutorials on how to pirate sought-after software such as AutoCAD, Adobe Photoshop, Adobe Premiere Pro, and other similar paid-for software are created. These videos are created with AI and feature humans with facial features that research has shown other humans find trustworthy.
“The tutorials in these videos are frequently bogus and steer viewers to links in the description that led to information-stealing malware like Raccoon, Vidar, and RedLine,”
The advisory warns that the consequences of becoming a victim can be severe, resulting in damage to data, finances, identity, systems, and reputation. Malicious actors are using AI-generated videos to create hidden or disguised malware that can infect a viewer’s device when the video is downloaded or played. They can also create videos that appear to be legitimate software updates or security patches, but instead contain malware. In addition, phishing scams and ransomware are being distributed through these videos.
To avoid becoming a victim, the advisory recommends avoiding downloading pirated software and installing up-to-date antivirus software and an endpoint detection and response (EDR) solution. Additionally, individuals should think before clicking on any link