Proofpoint has issued a warning to home computer users about a new YouTube campaign distributing infostealer malware disguised as pirated software and video game cracks.


The malware, including Vidar [1] [2] [3] [5], StealC [1] [2] [3] [4] [5], and Lumma Stealer [1] [2] [3] [4] [5], is being spread through YouTube channels targeting consumer users without enterprise-grade security measures. Threat actors use compromised or new accounts to post videos with malicious links [4], leading to malware infections. YouTube has removed accounts and videos distributing malware [1] [3] [4] [5]. MediaFire and Discord links are commonly used to connect victims to the malware [1] [5], with MediaFire links leading to password-protected files containing Vidar Stealer [4]. The malware payload also uses social media platforms for command and control instructions [4]. The campaign targets non-enterprise users, especially children playing popular games, by tricking them into clicking harmful links in video descriptions [2].


This campaign poses a significant threat to non-business users, emphasizing the importance of implementing strong security measures. Users should be cautious of suspicious links and regularly update their security software to prevent malware infections. The impact of this campaign highlights the need for increased awareness and vigilance among home computer users to protect against future threats.