Security researchers in Korea have discovered a malware distribution operation on YouTube that uses Valorant cheat lures to trick gamers into installing RedLine, a potent information stealer.
Because threat actors can easily evade YouTube's new content submission checks, or simply create new accounts after being reported and banned, this form of abuse is fairly widespread.
The campaign, discovered by ASEC, targets the Valorant gaming community (Valorant is a free first-person shooter for Windows) with videos whose descriptions include a link to download an auto-aiming bot.
These cheats are reportedly game add-ons that let players aim at targets quickly and precisely, landing headshots without any real skill.
For popular multiplayer games like Valorant, auto-aiming bots are in great demand because they allow for easy rank improvement.
Redline is being dropped
Users who try to download the file mentioned in the video's description are sent to an anonfiles page, where they receive a RAR archive containing the executable "Cheat installer.exe."
In reality, this program is a copy of RedLine Stealer, one of the most widely used password-stealing malware families, which collects the following information from infected computers:
System information: computer name, username, IP address, Windows version, hardware details (CPU, GPU, RAM, and so on), and a list of running processes
Web browsers: passwords, credit card information, AutoFill form data, bookmarks, and cookies from Chrome, Chromium-based browsers, and Firefox
Cryptocurrency wallets: Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, and Jaxx
VPN clients: ProtonVPN, OpenVPN, and NordVPN
Others: FileZilla (host address, port number, username, and passwords), Minecraft (account credentials, level, ranking), Steam (client session), Discord (token information)
After gathering this data, RedLine packs it neatly into a ZIP archive named "().zip" and sends the contents to a Discord server via a WebHook API POST request.
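Because the exfiltration step described above is an ordinary HTTPS POST to a Discord webhook, it is visible in web proxy logs. The following is an added detection example, not code from ASEC's report: it scans constructed proxy log lines (a made-up key=value format) for multipart uploads to Discord webhook URLs and raises the severity when the same host earlier fetched a file from anonfiles, the file host named in the article.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (not from the ASEC report) in a simple key=value format.
SAMPLE_LOG = """\
2024-01-01T10:00:05Z host=pc-12 method=GET url=https://anonfiles.com/abcd/Cheat_installer_rar ct=- bytes=0
2024-01-01T10:00:45Z host=pc-12 method=POST url=https://discord.com/api/webhooks/123456789/AbCdEfGh ct=multipart/form-data bytes=184320
2024-01-01T10:01:00Z host=pc-07 method=GET url=https://cdn.discordapp.com/emojis/1.png ct=- bytes=0
2024-01-01T10:02:00Z host=pc-07 method=POST url=https://discord.com/api/v9/channels/1/messages ct=application/json bytes=212
2024-01-01T10:03:00Z host=pc-31 method=POST url=https://discord.com/api/webhooks/55555/ZzYyXx ct=multipart/form-data bytes=9000
"""

LINE_RE = re.compile(r"host=(?P<host>\S+) method=(?P<method>\S+) url=(?P<url>\S+) "
                     r"ct=(?P<ct>\S+) bytes=(?P<bytes>\d+)")
# Discord webhook endpoints have the form /api/webhooks/<id>/<token>.
WEBHOOK_RE = re.compile(r"^https://(?:discord\.com|discordapp\.com)/api/webhooks/\d+/[\w-]+")
# Anonymous file hosts used in the lure chain; anonfiles is the one named in the article.
FILE_HOSTS = ("anonfiles.com",)


@dataclass
class Alert:
    host: str
    url: str
    bytes_sent: int
    severity: str  # "high" if the host also fetched from a file host earlier in the log


def find_webhook_exfil(log_text: str, min_bytes: int = 4096) -> list[Alert]:
    """Flag multipart POSTs of at least min_bytes to Discord webhooks; escalate to
    "high" when the same host previously downloaded from an anonymous file host."""
    downloaded_from_filehost: set[str] = set()
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        host, method, url = m["host"], m["method"], m["url"]
        if method == "GET" and any(f"://{fh}/" in url for fh in FILE_HOSTS):
            downloaded_from_filehost.add(host)
            continue
        if method != "POST" or not WEBHOOK_RE.match(url):
            continue
        size = int(m["bytes"])
        if m["ct"].startswith("multipart/form-data") and size >= min_bytes:
            severity = "high" if host in downloaded_from_filehost else "medium"
            alerts.append(Alert(host, url, size, severity))
    return alerts
```

Ordinary chat traffic to discord.com (the pc-07 lines) is not flagged; only multipart uploads to the webhook path are, and the size threshold tunes out small legitimate webhook notifications.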
Links in YouTube videos should not be trusted
Apart from the fact that cheating in video games detracts from the enjoyment of the game and ruins it for others, it is also a security risk.
None of these cheat tools are created by reputable companies, none of them are digitally signed (so antivirus warnings are likely to be ignored), and many of them are malware.
ASEC's report covers one current example, but it is only one of many malicious download URLs hidden behind YouTube videos that offer free software of various sorts.
The videos that promote these products are frequently taken from other sources and re-posted as lures by malicious actors on newly created channels.
Even though the comments beneath these videos praise the uploader and claim that the program works as advertised, these remarks should not be trusted because they are easily fabricated.