This type of malware distribution is fairly common, as hackers are able to easily bypass YouTube’s content regulation efforts.
Details of the Fake Valorant Malware Campaign
Valorant is a free first-person shooter (FPS) on Windows. The campaign targets the game’s player community by offering an auto-aiming bot in the YouTube video description.
Typically, such bots are add-ons that can be installed in the game and are very valuable to players. They allow players to aim and fire at enemies at superior speeds and precision, allowing them to progress effortlessly. Researchers at ASEC discovered the campaign. When a user clicks on the download link, they are taken to a download page. Here, they can download a compressed file named “Pluto Valornt Cheat.rar” which contains an executable file called “Cheat installer.exe.”
What is Redline Stealer?
While the file may appear to be related to the game, it actually contains an information stealer called Redline. Once executed, the malware collects a wide range of information, ranging from data about the infected system to credentials used on web services. Below is a list of information that Redline stealer compromises: The hacker stores the stolen data in a compressed file and transfers it to themselves via Discord WebHooks API.
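Because the stolen archive leaves the machine through a Discord webhook, outbound proxy logs are a practical place to look for it. The following is an added detection sketch, not code from ASEC or the original article; the CSV log layout, the process allowlist, the size threshold and the sample lines are all assumptions constructed for illustration.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# Discord webhook execute endpoint: /api[/vN]/webhooks/<id>/<token>
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/[\w-]+/?$")
DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
# Assumption: processes expected to talk to Discord in this environment.
EXPECTED_PROCESSES = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
LARGE_UPLOAD = 100_000  # bytes sent; assumed threshold for an archive-sized upload

# Constructed sample proxy log: time,host,process,method,url,bytes_out
SAMPLE_LOG = """\
2024-01-01T10:01:02Z,PC-07,Discord.exe,POST,https://discord.com/api/v9/channels/111/messages,412
2024-01-01T10:03:40Z,PC-07,Cheat installer.exe,POST,https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED-token_abc,1843211
2024-01-01T10:05:00Z,PC-09,chrome.exe,GET,https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED-token_abc,0
2024-01-01T10:06:10Z,PC-11,chrome.exe,POST,https://discordapp.com/api/webhooks/987654321098765432/CONSTRUCTED-token_xyz,2500000
2024-01-01T10:07:00Z,PC-12,svchost.exe,POST,https://example.com/api/webhooks/1/x,900
"""

def find_webhook_uploads(log_text):
    """Return alerts for POSTs to Discord webhooks that look like data uploads."""
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        ts, host, proc, method, url, sent = row
        parts = urlsplit(url)
        match = WEBHOOK_PATH.match(parts.path)
        if method != "POST" or (parts.hostname or "").lower() not in DISCORD_HOSTS or not match:
            continue
        reasons = []
        if proc.lower() not in EXPECTED_PROCESSES:
            reasons.append("unexpected process")
        if int(sent) >= LARGE_UPLOAD:
            reasons.append("large upload")
        if reasons:
            # Keep the webhook id for blocking and reporting; drop the secret token.
            alerts.append({"time": ts, "host": host, "process": proc,
                           "webhook_id": match.group(1),
                           "bytes_out": int(sent), "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_webhook_uploads(SAMPLE_LOG):
        print(alert)
```

The webhook id in each alert is enough to block the URL at the proxy and to report the webhook to Discord without copying its token into tickets or logs.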
Avoid Clicking on Hacks/Cheat Links in YouTube Videos
According to ASEC, the Valorant Cheat campaign is only a recent example of a very commonly used malware distribution method. Unfortunately, YouTube is riddled with videos that contain malicious download links disguised as free software in the description box. It is important to note that none of these tools are authored by official or well-known firms or developers, and none of them are digitally signed. In many campaigns, hackers even forge top comments praising the software to give it some legitimacy. It is best to ignore such hacks or cheats altogether, as an information stealer like Redline can seriously compromise much of a user’s online activity. If this story captured your interest, we recommend checking out our detailed guide on Trojans.