Researchers have tracked a hacking campaign that is spreading the Aurora malware through YouTube videos.
The malware is an information stealer written in the Go programming language.
- Clicking the links in these YouTube video descriptions redirects the victim to false websites.
- The malware is designed to query the vendor ID of the graphics card installed on a system and compare it against a set of listed vendors, such as:
- If the value doesn't match, the loader terminates itself.
- The loader ultimately decrypts the final payload and injects it into a legitimate process called "sihost.exe" using a technique called process hollowing.
- The threat actors behind the campaign, tracked as in2al5d p3in4er, are using social hacking to continue redirecting new waves of users onto the false websites.