A Trojan steals all your data while you watch YouTube videos

ESET researchers have uncovered a virus hiding on YouTube, in the description of videos. Here’s how to defend yourself

They look like harmless videos of recipes or soccer highlights, but in reality they are a devious tool for spreading a dangerous virus called “Casbaneiro”, also known as “Metamorph”. And the most alarming thing is that you can find these videos on YouTube.

This is the alarm raised by researchers from cybersecurity company ESET, who have identified several dangerous YouTube videos. The stratagem is simple but effective: at the end of the video description, a camouflaged link is inserted that appears to lead to the Facebook or Instagram page for the recipe (or for the soccer matches), but actually sends the viewer to servers from which the real infection starts. And, according to ESET researchers, it is a very dangerous infection, too: it can steal all our personal data and even empty our bank account.

How to recognize infected videos

Telling which videos contain the link to Casbaneiro is not easy, because the “format” chosen by the hackers is very common on YouTube: the description contains information consistent with the video itself (for example, in the case of video recipes, the ingredients are listed), hashtags in line with the content are added and, at the end, comes the fake link to Facebook or Instagram. In short, everything is very credible and well done, and it is very easy to fall for it.

How Casbaneiro works

If we click on the disguised link, we do not end up on Facebook or Instagram, but on the domain of the C&C (Command and Control) server, from which the attack starts using encrypted commands. Casbaneiro is a very dangerous trojan and, as its second name implies, it comes in many forms: it can install a backdoor on our device to track all our activity, take screenshots, and record what we visit and what we type. It checks whether we have an antivirus installed, and which one, and it can steal the credentials of our online bank accounts by recording our logins. So, just for clicking on a link at the end of a recipe, we can find ourselves with our account emptied. If we have a Bitcoin account, Casbaneiro does even more: it redirects all of our cryptocurrency to the hackers’ wallet.

Latin America and beyond

The reassuring thing, for us Italians, is that Casbaneiro is especially widespread in Latin America. In fact, the videos that spread the infection are all in Spanish. However, we have to be very careful and monitor the situation in Italy: recipes and soccer are two topics that know no borders, and such videos very often travel easily from one country to another.