Specialists at Doctor Web examined modifications of Trojan.PWS.Stealer.23012, which stole the personal data of YouTube users, and identified the author of the malware. The company published the results of the investigation on its blog.
The malware is distributed via links in the comments under YouTube videos about programs that make computer games easier to play: cheats and trainers. The comments link to Yandex.Disk; the links supposedly lead to useful applications and cheat-code guides but actually distribute a spyware Trojan. To make the links more convincing, they were accompanied by approving comments left from fake accounts.
Three versions of the Trojan stole saved passwords and cookies from the browsers Google Chrome, Opera, Yandex.Browser, Vivaldi, Kometa, Orbitum, Comodo, Amigo and Torch on infected devices. Data from the Telegram messenger and the Steam application, as well as other data, was also at risk.
Information in the malware's code revealed its author.
They identified a man who uses the nickname “Raccoon Pogromist” and who not only develops Trojans but also sells them on a popular website. He also maintains a YouTube channel devoted to malware development and has his own page on GitHub, where he publishes the source code of the malware he creates. The experts also established his phone number, which is linked to his Telegram account, and his city of residence. The usernames and passwords for the cloud storage to which the archives of stolen files are uploaded are hard-coded (“sewn”) into the body of the Trojans themselves, and this also played a part in tracing “Raccoon Pogromist”.