Ever since the launch of ChatGPT and its integration into various Microsoft services, Artificial Intelligence (AI) has become an increasingly prevalent technology in our daily lives. This potential has prompted many businesses to integrate AI into their workflow, allowing for increased productivity and the elimination of repetitive tasks. However, according to a report from CloudSEK, a cyber threat management platform, cybercriminals are now leveraging AI to lure unsuspecting users on YouTube to click on links that lead to malware file downloads.
According to the report, the number of YouTube videos inviting people to click on links embedded in video descriptions has increased by 200-300% month-on-month. These videos use screen recordings or audio walkthroughs to describe the steps on how to download and install cracked software like Adobe Premiere Pro and AutoCAD. Additionally, to make these videos appear more authentic, scammers even use platforms like Synthesia and D-ID to create AI-generated avatars and target channels with over 100k subscribers to help the videos reach millions of users.
Once an unsuspecting user clicks on the link in these AI-generated YouTube videos, scammers use info stealer malware such as Vidar, RedLine, and Raccoon to steal passwords, credit card information, bank account numbers, and other confidential data.
How to stay safe from these videos?
To avoid falling victim to these videos, users should look out for red flags such as an AI-generated voice or avatar claiming that premium software like Adobe Premiere Pro can be downloaded without registration or torrents. Further, such videos will often contain instructions on how to troubleshoot issues with downloading files, notes on how to disable antivirus programs, and will prompt users to click on links that may use genuine URL shorteners like bit.ly and cutt.ly and contain a passkey.
Moreover, users should never download anything from unidentified sources and should always verify the authenticity of a site by searching for the domain name on Google. If there is not much information available, it could be a fraudulent site. However, if you have downloaded a file from an unverified source, always run an antivirus before opening it.